Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0)

2022-09-01T00:00:00

Description

The version of AOS installed on the remote host is prior to 6.0. It is, therefore, affected - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow (CVE-2017-5715) - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized (CVE-2017-5753) - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain (CVE-2020-15436) - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could (CVE-2020-25211) - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- (CVE-2020-29573) - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. (CVE-2020-29661) - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625) - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux (CVE-2021-20265) - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to (CVE-2021-25122) - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is Note that Nessus has not tested for these issues but has instead relied only on the application's by multiple vulnerabilities as referenced in the NXSA-AOS-6.0 advisory. unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. disclosure of information to an attacker with local user access via a side-channel analysis. unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (CVE-2017-5754) malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532) byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013) lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427) reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029) expression quantifiers have an integer overflow. (CVE-2020-10543) situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878) recursive S_study_chunk calls. (CVE-2020-12723) allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351) privileges or cause a denial of service by leveraging improper access to a certain error field. provides the ability to run arbitrary commands as root. (CVE-2020-15862) overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645) using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656) allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705) in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374) based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference. functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513) there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053) features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS- TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability. (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305) SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. (CVE-2021-2161) SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163) 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. (CVE-2021-25215) 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329) access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-26937) the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363) adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364) appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365) allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156) exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156) self-reported version number.

{"id": "NUTANIX_NXSA-AOS-6_0.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0)", "description": "The version of AOS installed on the remote host is prior to 6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (CVE-2017-5754)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS- TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition.\n Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. (CVE-2021-25215)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-09-01T00:00:00", "modified": "2023-02-23T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/164597", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20265", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19532", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25645", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2163", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26937", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215", "http://www.nessus.org/u?2a3342a9", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25211", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2161", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25656", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35513", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0427", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15436", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15862", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25705", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7053", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374"], "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2019-19532", "CVE-2019-25013", "CVE-2020-0427", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15862", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29573", "CVE-2020-29661", "CVE-2020-35513", "CVE-2020-7053", "CVE-2020-8625", "CVE-2020-9484", "CVE-2020-9494", "CVE-2021-20265", "CVE-2021-20305", "CVE-2021-2161", "CVE-2021-2163", "CVE-2021-25122", "CVE-2021-25215", "CVE-2021-25329", "CVE-2021-26937", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3156"], "immutableFields": [], "lastseen": "2023-05-17T16:34:55", "viewCount": 26, "enchantments": {"score": {"value": 9.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["BIND_ADVISORY19.ASC", "JAVA_DEC2022_ADVISORY.ASC", "PERL_ADVISORY5.ASC", "SPECTRE_MELTDOWN_ADVISORY.ASC", "SPECTRE_UPDATE_ADVISORY.ASC", "VARIANT4_ADVISORY.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:5480", "ALSA-2021:0218", "ALSA-2021:0557", "ALSA-2021:0558", "ALSA-2021:0670", "ALSA-2021:1093", "ALSA-2021:1206", "ALSA-2021:1301", "ALSA-2021:1307", "ALSA-2021:1585", "ALSA-2021:1678", "ALSA-2021:1989", "ALSA-2021:4356", "ALSA-2022:1988"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-8625", "ALPINE:CVE-2021-20305", "ALPINE:CVE-2021-25215"]}, {"type": "altlinux", "idList": ["0666BB8481B59C8FF60D851348A7369C", "172377A713A918D5853CA3E9B24EFF85", "18D0CB45C93C051719A801D936BC19A2", "22B706709AF3BEB0700F24736F6EDF39", "2CAE1607583637377ADACAB2F5F899B0", "61DFA798756D99B65F1D96CC4A334918", "80770F9C1991CDD7CA379357ABA16034", "80B10627C17BB688CA3AE838DDA890D0", "8907B92479FC3D90FF62A4920C4D6940", "8D79D5F1BCBEB74A0D3E958E790B4049", "DF55E7D20B60553E66843B066D780C77"]}, {"type": "amazon", "idList": ["ALAS-2018-939", "ALAS-2018-942", "ALAS-2018-956", "ALAS-2020-1389", "ALAS-2020-1390", "ALAS-2020-1437", "ALAS-2020-1446", "ALAS-2020-1462", "ALAS-2021-1461", "ALAS-2021-1465", "ALAS-2021-1477", "ALAS-2021-1478", "ALAS-2021-1480", "ALAS-2021-1485", "ALAS-2021-1487", "ALAS-2021-1491", "ALAS-2021-1492", "ALAS-2021-1493", "ALAS-2021-1508", "ALAS-2021-1511", "ALAS-2021-1515", "ALAS-2021-1600", "ALAS-2022-1572", "ALAS2-2018-939", "ALAS2-2018-942", "ALAS2-2018-952", "ALAS2-2018-953", "ALAS2-2018-956", "ALAS2-2018-962", "ALAS2-2020-1449", "ALAS2-2020-1495", "ALAS2-2020-1520", "ALAS2-2020-1556", "ALAS2-2020-1566", "ALAS2-2021-1582", "ALAS2-2021-1588", "ALAS2-2021-1590", "ALAS2-2021-1599", "ALAS2-2021-1600", "ALAS2-2021-1605", "ALAS2-2021-1610", "ALAS2-2021-1614", "ALAS2-2021-1616", "ALAS2-2021-1623", "ALAS2-2021-1629", "ALAS2-2021-1635", "ALAS2-2023-1944"]}, {"type": "amd", "idList": ["AMD-SB-1036", "AMD-SB-1037", "AMD-SB-1040"]}, {"type": "androidsecurity", "idList": ["ANDROID:2018-03-01", "ANDROID:2020-09-01"]}, {"type": "apple", "idList": ["APPLE:121C0C2C932F899F870D9D5665610ED0", "APPLE:3CD8680715FC8DF4A758CC6012471868", "APPLE:3D7765FAAA5588336144E1B60D0B775E", "APPLE:4F36084A54A87DEB1241F91D2A3B37FF", "APPLE:554AF3533422B9797D4FBD02BF3EC816", "APPLE:87ECB5906FD123665AEE056A2BC685F6", "APPLE:8A3948F2E8E7E8D771C8CDFA03619768", "APPLE:A906ED60E2875C343BE4CB7524339858", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:F6306C158D7B30BA0A0EDD411C414BFE", "APPLE:HT208325", "APPLE:HT208327", "APPLE:HT208331", "APPLE:HT208334", "APPLE:HT208397", "APPLE:HT208401", "APPLE:HT208403", "APPLE:HT208465", "APPLE:HT212177"]}, {"type": "archlinux", "idList": ["ASA-201801-1", "ASA-201801-10", "ASA-201801-3", "ASA-201801-4", "ASA-201801-6", "ASA-202006-5", "ASA-202006-6", "ASA-202006-7", "ASA-202101-25", "ASA-202101-30", "ASA-202101-31", "ASA-202101-32", "ASA-202101-33", "ASA-202102-16", "ASA-202102-17", "ASA-202102-40", "ASA-202104-10"]}, {"type": "arista", "idList": ["ARISTA:0031"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONFSERVER-60004", "ATLASSIAN:CONFSERVER-62837", "ATLASSIAN:JRASERVER-71221", "ATLASSIAN:JRASERVER-71321", "ATLASSIAN:JRASERVER-72211", "ATLASSIAN:JRASERVER-72310", "ATLASSIAN:JRASERVER-72346", "ATLASSIAN:JRASERVER-72609", "BAM-21603", "CONFSERVER-60004", "CONFSERVER-62837", "JRASERVER-70993", "JRASERVER-71221", "JRASERVER-71321", "JRASERVER-72211", "JRASERVER-72310", "JRASERVER-72346", "JRASERVER-72609", "JRASERVER-73223", "JRASERVER-73739"]}, {"type": "attackerkb", "idList": ["AKB:38F76C83-56D0-4112-A583-4513CC15B1B3", "AKB:67AA97AC-E920-4D0C-9B50-6B1C42E683D1", "AKB:A377493B-6A40-4BB0-BF25-4E62943A3C0C"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987", "AVLEONOV:8378A14587C08A1636BEE66608020687"]}, {"type": "broadcom", "idList": ["BSA-2022-1839"]}, {"type": "canvas", "idList": ["SPECTRE_FILE_LEAK", "SPECTRE_SAM_LEAK"]}, {"type": "centos", "idList": ["CESA-2018:0007", "CESA-2018:0008", "CESA-2018:0012", "CESA-2018:0013", "CESA-2018:0014", "CESA-2018:0023", "CESA-2018:0029", "CESA-2018:0030", "CESA-2018:0093", "CESA-2018:0094", "CESA-2018:0151", "CESA-2018:0512", "CESA-2018:1062", "CESA-2018:1319", "CESA-2020:2530", "CESA-2020:5350", "CESA-2021:0221", "CESA-2021:0343", "CESA-2021:0348", "CESA-2021:0671", "CESA-2021:0742", "CESA-2021:0856", "CESA-2021:1071", "CESA-2021:1145", "CESA-2021:1297", "CESA-2021:1298", "CESA-2021:1469", "CESA-2023:0399"]}, {"type": "cert", "idList": ["VU:180049", "VU:584653", "VU:794544"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0908", "CPAI-2018-0011"]}, {"type": "checkpoint_security", "idList": ["CPS:SK171751"]}, {"type": "cisa", "idList": ["CISA:765265E5BF9328E9BAF09F93A1684580", "CISA:C9947C1FC01968B9804A8F58DCC22154"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-3156"]}, {"type": "cisco", "idList": ["CISCO-SA-20180104-CPUSIDECHANNEL", "CISCO-SA-SUDO-PRIVESC-JAN2021-QNYQFCM"]}, {"type": "citrix", "idList": ["CTX231390", "CTX231399", "CTX234679"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:08639CF3E8D6C946D02AFEE0F4B5B0A0", "CFOUNDRY:12A130F5867F69C520CCB42A0E666BA6", "CFOUNDRY:1F5DBB3C3CBCE17DE26C796E1F59B3C4", "CFOUNDRY:3720080273E86FF03D0F1B6427ACE3A9", "CFOUNDRY:3888B12B09C668EB9CDF72218859827B", "CFOUNDRY:3B00E04C67EFB83F5D044A76DD92B52C", "CFOUNDRY:4C29708E9DB1757C4BE1AE571C33062C", "CFOUNDRY:4DDEEFC6D5CE0AA12B5BF627FFC8D2F4", "CFOUNDRY:6842286EED83D27526CFF6743C20F98E", "CFOUNDRY:81709274A5535B1DACDD4242D3B162A5", "CFOUNDRY:862874E6C64B2BCDFB15F341DEE2747E", "CFOUNDRY:86B5C35F8F0E334D1CCCDAF1214EDFEF", "CFOUNDRY:8730FEC9F4689F70DBBC5917AC5BF0C6", "CFOUNDRY:8CFF4A0AF748B0C857C01324EB35B6D4", "CFOUNDRY:9E4F229463FCBB3F72D8A43A5A386007", "CFOUNDRY:C4D1C1686A388941AD439B6E19ADC7F2", "CFOUNDRY:DC88CEA06ECA856893E7D089D36ADB07", "CFOUNDRY:E2EC45D69AA3550DE981BAC4E63015D3", "CFOUNDRY:F862BE9A087FA6B59D4299BADF8089DC"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1611743864", "CLSA-2021:1618497131", "CLSA-2021:1632261610", "CLSA-2021:1632261664", "CLSA-2021:1632261705", "CLSA-2021:1632261812", "CLSA-2021:1632261839", "CLSA-2021:1632262269", "CLSA-2021:1632262296", "CLSA-2021:1632328234", "CLSA-2021:1632328264", "CLSA-2022:1657561005", "CLSA-2022:1661176564"]}, {"type": "cnvd", "idList": ["CNVD-2021-54684"]}, {"type": "cve", "idList": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-10471", "CVE-2018-19965", "CVE-2019-19532", "CVE-2019-25013", "CVE-2020-0427", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15862", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29573", "CVE-2020-29661", "CVE-2020-35513", "CVE-2020-7053", "CVE-2020-8625", "CVE-2020-9484", "CVE-2020-9494", "CVE-2021-20265", "CVE-2021-20305", "CVE-2021-2161", "CVE-2021-2163", "CVE-2021-25122", "CVE-2021-25215", "CVE-2021-25329", "CVE-2021-26401", "CVE-2021-26937", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3139", "CVE-2021-3156", "CVE-2022-23181"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1232-1:15F37", "DEBIAN:DLA-1349-1:65BA2", "DEBIAN:DLA-1362-1:86139", "DEBIAN:DLA-1369-1:33F82", "DEBIAN:DLA-1422-1:EBC6F", "DEBIAN:DLA-1422-2:DC70E", "DEBIAN:DLA-1423-1:B239D", "DEBIAN:DLA-1497-1:58644", "DEBIAN:DLA-1506-1:91878", "DEBIAN:DLA-1506-1:B3A8C", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-2068-1:83234", "DEBIAN:DLA-2114-1:93D37", "DEBIAN:DLA-2148-1:72DBC", "DEBIAN:DLA-2148-1:FD9EB", "DEBIAN:DLA-2209-1:84C77", "DEBIAN:DLA-2209-1:D154F", "DEBIAN:DLA-2217-1:0ED90", "DEBIAN:DLA-2279-1:771F3", "DEBIAN:DLA-2279-1:AB3FB", "DEBIAN:DLA-2313-1:23051", "DEBIAN:DLA-2313-1:C1F7B", "DEBIAN:DLA-2323-1:C146F", "DEBIAN:DLA-2417-1:4ADAB", "DEBIAN:DLA-2420-1:692E7", "DEBIAN:DLA-2420-2:175D1", "DEBIAN:DLA-2483-1:37DA1", "DEBIAN:DLA-2494-1:12C95", "DEBIAN:DLA-2534-1:1EFB7", "DEBIAN:DLA-2534-1:AA5E2", "DEBIAN:DLA-2557-1:3E233", "DEBIAN:DLA-2568-1:80ACE", "DEBIAN:DLA-2568-1:8C5AD", "DEBIAN:DLA-2570-1:24157", "DEBIAN:DLA-2570-1:82F39", "DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DLA-2596-1:25D69", "DEBIAN:DLA-2610-1:A54F6", "DEBIAN:DLA-2634-1:2F707", "DEBIAN:DLA-2647-1:7BE9D", "DEBIAN:DLA-2743-1:A281D", "DEBIAN:DLA-2743-2:6530F", "DEBIAN:DLA-2743-2:EB0B3", "DEBIAN:DLA-2760-1:AB0C9", "DEBIAN:DLA-3152-1:9B676", "DEBIAN:DLA-3160-1:77FDA", "DEBIAN:DSA-4078-1:83863", "DEBIAN:DSA-4082-1:57979", "DEBIAN:DSA-4082-1:58978", "DEBIAN:DSA-4120-1:7BEB7", "DEBIAN:DSA-4179-1:CBB23", "DEBIAN:DSA-4179-1:E7F73", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4187-1:E8170", "DEBIAN:DSA-4188-1:B3909", "DEBIAN:DSA-4188-1:E4177", "DEBIAN:DSA-4213-1:698A4", "DEBIAN:DSA-4213-1:F6297", "DEBIAN:DSA-4469-1:052EF", "DEBIAN:DSA-4469-1:B9B08", "DEBIAN:DSA-4627-1:1B266", "DEBIAN:DSA-4710-1:1155C", "DEBIAN:DSA-4746-1:E6C3B", "DEBIAN:DSA-4746-1:F3535", "DEBIAN:DSA-4774-1:EE27B", "DEBIAN:DSA-4774-1:EF524", "DEBIAN:DSA-4839-1:0839A", "DEBIAN:DSA-4839-1:3997C", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DSA-4843-1:6BD24", "DEBIAN:DSA-4857-1:7F225", "DEBIAN:DSA-4857-1:A52EC", "DEBIAN:DSA-4861-1:2E8DA", "DEBIAN:DSA-4861-1:73888", "DEBIAN:DSA-4891-1:1A529", "DEBIAN:DSA-4899-1:2F354", "DEBIAN:DSA-4909-1:42284", "DEBIAN:DSA-4909-1:88261", "DEBIAN:DSA-4933-1:33C31", "DEBIAN:DSA-4933-1:B1877", "DEBIAN:DSA-5265-1:55805"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-5715", "DEBIANCVE:CVE-2017-5753", "DEBIANCVE:CVE-2017-5754", "DEBIANCVE:CVE-2018-10471", "DEBIANCVE:CVE-2018-19965", "DEBIANCVE:CVE-2019-19532", "DEBIANCVE:CVE-2019-25013", "DEBIANCVE:CVE-2020-0427", "DEBIANCVE:CVE-2020-10029", "DEBIANCVE:CVE-2020-10543", "DEBIANCVE:CVE-2020-10878", "DEBIANCVE:CVE-2020-12723", "DEBIANCVE:CVE-2020-14351", "DEBIANCVE:CVE-2020-15436", "DEBIANCVE:CVE-2020-15862", "DEBIANCVE:CVE-2020-25211", "DEBIANCVE:CVE-2020-25645", "DEBIANCVE:CVE-2020-25656", "DEBIANCVE:CVE-2020-25705", "DEBIANCVE:CVE-2020-28374", "DEBIANCVE:CVE-2020-29573", "DEBIANCVE:CVE-2020-29661", "DEBIANCVE:CVE-2020-35513", "DEBIANCVE:CVE-2020-7053", "DEBIANCVE:CVE-2020-8625", "DEBIANCVE:CVE-2020-9484", "DEBIANCVE:CVE-2020-9494", "DEBIANCVE:CVE-2021-20265", "DEBIANCVE:CVE-2021-20305", "DEBIANCVE:CVE-2021-2161", "DEBIANCVE:CVE-2021-2163", "DEBIANCVE:CVE-2021-25122", "DEBIANCVE:CVE-2021-25215", "DEBIANCVE:CVE-2021-25329", "DEBIANCVE:CVE-2021-26401", "DEBIANCVE:CVE-2021-26937", "DEBIANCVE:CVE-2021-27363", "DEBIANCVE:CVE-2021-27364", "DEBIANCVE:CVE-2021-27365", "DEBIANCVE:CVE-2021-3139", "DEBIANCVE:CVE-2021-3156", "DEBIANCVE:CVE-2022-23181"]}, {"type": "exploitdb", "idList": ["EDB-ID:49521", "EDB-ID:49522"]}, {"type": "f5", "idList": ["F5:K00174195", "F5:K00384005", "F5:K03121171", "F5:K09604370", "F5:K13591074", "F5:K15747621", "F5:K25401610", "F5:K27238230", "F5:K28409053", "F5:K33101555", "F5:K34519550", "F5:K38481791", "F5:K40508224", "F5:K41440465", "F5:K44318398", "F5:K54252492", "F5:K65213626", "F5:K68251873", "F5:K71522481", "F5:K73648110", "F5:K86488846", "F5:K91229003", "F5:K96223611"]}, {"type": "fedora", "idList": ["FEDORA:017273129EBB", "FEDORA:02C4230A08EF", "FEDORA:1B8D330A08F2", "FEDORA:1F1BC30987DA", "FEDORA:22CA86022BDC", "FEDORA:281CE30E401D", "FEDORA:2D09F309C002", "FEDORA:353D73154ABE", "FEDORA:3B84A305A8AE", "FEDORA:44B0F30CBD42", "FEDORA:451BA309C1E0", "FEDORA:4788E309FF20", "FEDORA:481D1608F47B", "FEDORA:4928D30A037F", "FEDORA:60E3A30D1484", "FEDORA:660AA642E1AC", "FEDORA:6B7B13093170", "FEDORA:6EA206291A90", "FEDORA:73B0C3094225", "FEDORA:74548307F429", "FEDORA:8068430CBD46", "FEDORA:820CF3075DEC", "FEDORA:824E230A6A04", "FEDORA:874F930A6378", "FEDORA:8836630BDEAC", "FEDORA:91BCA30520E0", "FEDORA:958BD626BB06", "FEDORA:9FB8F310F2E1", "FEDORA:9FDCF62874A1", "FEDORA:A9E386095B4D", "FEDORA:AA76B30CBD63", "FEDORA:AC8B13099EFA", "FEDORA:AFFEA30BBFB5", "FEDORA:BB774312EFDE", "FEDORA:C6ACE30A5262", "FEDORA:C6B8230CF2BC", "FEDORA:C7F146099564", "FEDORA:C8A606087D99", "FEDORA:CF851309C00C", "FEDORA:D25E2304CBB0", "FEDORA:D3C883052BBC", "FEDORA:D68E7309CEF1", "FEDORA:E251030B5E26", "FEDORA:E9704310F2E3", "FEDORA:EDE5030AF0CF", "FEDORA:F0266309ACD0", "FEDORA:F12FB31404B0"]}, {"type": "fortinet", "idList": ["FG-IR-18-002"]}, {"type": "freebsd", "idList": ["1CE95BC7-3278-11E8-B527-00012E582166", "676CA486-9C1E-11EA-8B5E-B42E99A1B9C3", "6FD773D3-BC5A-11EA-B38D-F0DEF1D0C3EA", "74DAA370-2797-11E8-95EC-A4BADB2F4699", "F3CF4B33-6013-11EB-9A0E-206A8A720317", "FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-18:03.SPECULATIVE_EXECUTION", "FREEBSD_ADVISORY:FREEBSD-SA-19:26.MCU"]}, {"type": "gentoo", "idList": ["GLSA-201804-08", "GLSA-201810-06", "GLSA-202006-03", "GLSA-202006-04", "GLSA-202006-21", "GLSA-202008-12", "GLSA-202101-20", "GLSA-202101-33", "GLSA-202105-11", "GLSA-202105-31", "GLSA-202107-07", "GLSA-202208-34", "GLSA-202209-05"]}, {"type": "github", "idList": ["GHSA-344F-F5VG-2JFJ", "GHSA-9F3J-PM6F-9FM5", "GHSA-J39C-C8HJ-X4J3", "GHSA-JGWR-3QM3-26F3"]}, {"type": "githubexploit", "idList": ["0150448C-5C49-5917-A32B-56B1154BC517", "03BFA6A9-100F-5BAA-9493-6A9C3461A37B", "076B6736-32D3-5F37-8570-7C8B87A7A5D0", "08927CE5-F79F-53B1-A28A-35CF6EB8F941", "0DA1AFFF-82A5-565A-BFA6-8F6A6E52268B", "14CD7401-C309-52B2-B4EE-AD54900F0455", "213BCA43-1160-5637-AA17-A4F7DFA29967", "25B0D3BA-0039-5AAB-97E1-07A88FE23CC1", "2622835C-6D71-5CE4-975D-7E6B9E55E50E", "2987A23B-5EFD-5B4A-A951-6D72B13B71A4", "2A668D83-7F03-5870-A265-BE4B1ABB4F1F", "305FA0E2-CE78-57B6-87B3-EC7BEFDBE2B0", "30C55741-9CBF-523B-B78C-E933DDBAC0A2", "3CC19BC0-B7EC-52D5-805B-9A1077EAA419", "3F0D2FBE-2CDB-5783-906F-F7B71218723E", "41247B1B-2EEF-5EF8-967A-47EBDAA78CA4", "4278B435-D22E-57E8-ABC4-639BAAFA6FC9", "4C45914B-E23C-51F5-AC39-A11AF3084185", "4C6E5FA8-A6FA-5A3D-9277-6417A1361407", "4C7FE64B-11CD-5DA3-9F7A-F5ED394FC01B", "504D019A-423C-50A0-9677-93192F0ECDFC", "5602A60A-886A-598C-99B3-EE2E820506AD", "5AAFA05E-ABBB-5EB6-968D-71E9154832F0", "5ACF6B43-1E0E-55AE-A3C6-2FFCB8E95A05", "5E86A164-FA62-5822-A034-A558F2C68082", "6404B816-013C-5D30-96E3-EA233A91E9E4", "64FD9C52-1048-5BCE-9134-9228A5B5D896", "65B35104-9A63-5777-B8CD-117BFD564064", "6C4460D8-B721-5912-A303-D746BE6AE918", "6D615941-1400-5F6E-8B84-68AB306EAAD4", "73755D06-C18A-5153-8397-77FD839D02FF", "743F51FB-8BF4-5425-AEFA-10B2A14C8F3B", "77013337-4BEA-5530-BC92-0C0BCA2BA0CD", "7AB13657-1E3A-536C-87B2-C058EBBA92A7", "80CE8226-21F0-5511-969C-AFDE06BF7C2F", "860137A6-8A6A-5B9E-8DA2-9D56B4F7F3BB", "874146AC-B29D-5508-82A6-F689D0A8937E", "87656530-D6BF-59DF-AEAA-94EA936D15DC", "8DA5EFBC-B7B3-53DD-9EA5-CE5BF1C786F2", "8E313950-A935-50E7-B3A1-0B42A0403763", "8EF43C83-EFAA-5B36-ADB4-69AC40B5DFEA", "9003FB61-0943-567C-B4D5-674ADC3206E9", "92CE6110-40F8-5FE5-909B-BE6B59186578", "94A16899-4218-55D1-B5CF-2480CDF5331C", "A64B2D10-93F9-5DEB-8FF5-EDD62BD2F346", "AB7F01A0-08AE-56CA-A116-D36B8B48FE8F", "B0BA17F5-F171-5C97-9F6C-D5F38B5B64F5", "BA454336-99D5-5669-9586-DE4761C4D7E2", "BC98F6B9-CA75-554C-ACA1-30325FC62B0E", "BCD79315-7A3F-5041-9459-7CF1BEB5C6BC", "BD98107A-1F5C-5E0E-BB2B-51DFBAC1D4BA", "BF2EF6C1-6CDB-598E-B8F0-B6803DE02CCE", "C4EDB405-454C-5160-9A99-21A930740C3F", "C7EFCE12-F44C-5E4A-8D51-D4F6CE4A377D", "CF8077FD-4A28-511E-B1DA-F4F5476C36E6", "D1B13DF4-3B67-5E28-B67E-5CBE9B8C3D1A", "D4B13E09-5713-5A3F-9BD4-6FF6836D56B6", "D5CBA0E2-A4B0-52CE-B93B-F433CE8662DA", "DC83CAA2-80A2-5618-A8BB-64F21B1308CA", "DDDD3D70-3C6C-5957-B39C-BC7FF579239A", "E089A8D5-F5B9-5354-8F98-7A6A5AD25E95", "E95D9A0E-E9DE-5D95-9879-E07C0257318C", "F4C155BB-D279-51C9-A988-FF65F4CE76EF", "F60737C1-A24B-51C1-AE8D-73A65C778FFF", "F8906E65-8ADB-59DB-8A3A-AEEB8FD45719"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:42FBA08807698DC5CD34486014AC8332"]}, {"type": "hackerone", "idList": ["H1:888986"]}, {"type": "hp", "idList": ["HP:C05869091"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20180106-01-CPU", "HUAWEI-SA-20180606-01-CPU", "HUAWEI-SA-20210310-01-ESCALATION"]}, {"type": "ibm", "idList": ["017704F263DE498C81E38DCD35C1B649CAC8F2B6DA67887C1DC1F132F6BB1B85", "0303FE3DB6883C126F5416C10E374A324E85ADEDF43FC6D681B3D909D291CD2F", "03A75A8ADEE2A3CF05A2ED491DBA9138617AEFF976CB3B9F8B7A69B2AE72BF8A", "06E7679A0A430591547BE3B839983A91F1BB92D74E31EB6A05B85DD469AC6C05", "077CACE3330807DB9A0479410A548456194DEE66D2F89956CE566945832802D8", "0848D11FE6A7FFE3D70FDD1DBC47A7D72FEBAE4AFB8052D4E01853492896AFB0", "08D66F29C64E6C39E4785214007F9468046E2322A395BD20F63969686E7E940B", "09CD81CAD88D5272A1898D3B104B0A76C75C4D6F24390C322F2B3A9929DF7F0F", "0A425AE154320282FF38ABB3C8BA8D3AD10793B88A3CFCA031B295F986453B12", "0AC735C19116A7FB66D9921F93B7D9FF1E6BB4F1F2A9AF8B4AA371BC3E7211BE", "0C0FCEFF08B70A8890556A0B1964A693C539DCB661117BFD547DB5BBE82E7794", "0E93ED5DE66ECEEBDC351B52A02102977F0EC054248E1231FACE079530976EB4", "102B9B7DB920309348807B9EDBB8011D39F944480E9B123DF1061A6D4163603A", "1040E61D553E5D96DC4708670394F1131FA180E0AD28D8BB14E0A6D5F43E9C82", "10BC2C3E71D7BE838D7AFB65577146159915718411EBAA6FC48E3F7023189237", "12333AFEDFBFAD6D25D8677FBCED3D9B79A60115DD4D276200CFEDB506FF254D", "13A7CD5F3B6EA41927871DFED2B88C78727B03B56B4E65C6A651F0E363444695", "14F2CB20D125818C2386EAD3444BA4A1EE40CB0D32F55A5468B94496D99AC267", "15EDD207F35C78C838BF7C8772771732C1FF8B232E352EBA84C90F297CEE11D5", "1615871DB6D900C69F1E3E99183BE8581ED1CED870E2C3B0E3B990E1C56F30E0", "165A8842665EA147BB56D0076E2E99E69879A594B73DFCFDADE53D830C626891", "174F1CB3220ED56F318FA688B5104CC5CCC2107DBECA87BE989ABF3A0091E073", "180AC5D7287F51495B95E36020BFF2325D0F58CB7C4B6EA71A4C3D8EEB389808", "18620B761A4F7E6873488EDD7E1CDC967A96C7C3E1D9E6AF924585B3EBCCCC9A", "1883D0F65AAAB99A108FF98F1E2F17A039025798282C39D92D05E73D0AEC899C", "190680E40A17D3CD839AD41A35BAAEA69C358A05CD874B5D0B4DBA1097C68C1E", "19C4C882864E6146FC051FFD0D6639DA7D33478F602126A11F952529D4692F5D", "1A226F41CCEE49F182D2CE6E2913B939C921267EC05F27A8773B9DAF87654A6F", "1A56C0E27437AA486509D2812836A0A7761E820321946BF730BBC1A9B185F972", "1A7C978C22890A7DF0848AEBAD944FE32762CE8AD93412571125C112769BA6C5", "1A8A5E6AC75FF4A1A546DD1431D4E3A224B13E96434DBC2C5C874D7E73D90553", "1ABA3EC50C5BB5DE641865CF34A5CAC018FE13D6CFF8FE946D2F218907356D71", "1C560FDF4FF2E940003FF8C0D070D1BD39948F21DA49836BF64E9DA7FD25285B", "1CD24D9BB6CC6131994412DB4971F1CBCAE6B1BCF0242694237661B1E8308C5A", "2131D99BFAEFE3343A14AD9ABC5F0D304F0DF1B269E5BC2555D19BE72A1ADCF0", "22794D277867D05D60A4A8B81178E1E278C8910B8FD88EA36F11DE159D85F815", "23D411D68BFED5CF1D51704608C604C493F6C2422CED07555BF04D2CE25673E8", "264C961BAB10A4BA0E7567F453354D59B642C48BC97915D2754E4EB195A5BC6C", "28E683B9E1028822A2C208D0617DA2DE26079DCB38CC45919D696CC7747F906B", "2A40009A88F7F92C59723B05B8A8BC439ECB104B7E48FAB00AAABF8FE910CEF1", "2C1B7E62B248FF39626000CF15C85771AA08F4D695FE4DA8F2B707B4FB16460B", "2C6883C7D3865B8039726C3454BA0B0D5A6F3F11B0878992EA2AACAC9F364E05", "2DB9672176BAA20D2A713CEBE7C5DBF396C5FDC76CD24B8637F4743253DDB3C9", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "3269D53D796DE6142CE9BD0E1B94D97873271D1E5CAAA9941F4536CB81D160D3", "32C7366BF60AD0A0414388FADDC398AE2C222E692560B44546E29585DCB69B7E", "333592CBE804FCDFDF74B8FA13079F97D5B02F69AD7FA9A4515AE89BF6194975", "3540AA54A1ED51682893BA31F766B870A1375441D71B0C703E82EAA191CC0D6A", "3573B8231D7FD55CF0A4EFE36C172C85E85EB9016219840B42EB0C20410093E9", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "37D5FF13758EDEF642F4A1B0ADD243A867CC4267C97FC6E219984BA037E3F585", "38230E519D378DE2DC75E630BBE3083E23728897D6DA217E2FF09CC4976D9E4A", "38CE21C8E36E0D8E13CFDB6726BF7297A06F5BEE727FDC02819987C18B1360E6", "39804680374C75B0CA5BE247C12A654F6251DE96D16F2FB37803816D4A950BD7", "399D6B5BBEEB0175AABC2C502AB4F3577D91A2BC51E65E65E043AF954F02982F", "39EC965A32E4731457CEEA02EAEC841BAFA28785B721AFA4F5396AF6EFF86877", "3A0EC58D68A9FF044EFDD59A19016C7F96E811E1FC47D2E23F42FDF074B43F35", "3CF3C789E67BC4BED4E00BAB92CFDEBBACDE7238E903B67252519FD7D01B4413", "3E261B96ABC6FB8DAA7E70DB43FA7ABE715188074A159795BC665B68C81B1FCE", "4285320DB515A7DDFB31B8A5AD1416F144BB7493D6D7B26DAAA6134A677B2AD5", "43A059A4F1BC57350A1E035C01C61052FD9A2C0AA72377768D010CBA020E335D", "44B0022B14893C294BEA44555B80055369138F079E5C801EC2449F2BB64AF930", "44BBDADD105197938F540FD4CE3785F014A665D16F7814593D2D617671C1231B", "456A44C73802C0210EF9039DDC2F2011CE64D16EE318CB2485594AB6312D17CA", "4777AA656AFE2A7E99CB0D93F8BE73D4229AC1A8C767E59363E711B828FD7059", "482F7518F00298B2B6CC1C78CECF285E10C7778C187F6BEA8CEA0EBE3C7C4709", "496D1442E6BA8A6137102D042D945E6932A39AD824C40F1EC57D3D14D4666E29", "4A13A3496FCF6B846B2A1DE1CDC0810F64A5ABAB123B9000E74EC8183260175D", "4A4F5BB53C8DDCEE3D34BD988ABA91CF0C55BD9DCF4C64F8201B449C24A79560", "4BDA96731BEDBE3B4D78DBA9FA7051E3DF5C22631E9222A0E15B433BB8B9B171", "4E18B67E118A4426922199D71DDEBDA96F590289F2B10DF757857DB660516218", "4E29621A8C665E765DF1B3133A2E3AF5095D6C26AD83AEE5F7A65FFABC557B20", "52A39A31A2B851E5476110E47BF03862724661EC3EA218D629808602352A073B", "5350BFE3F0C933995CDC18BFAA64637FC165B9B3DA8DE751D393D697721E78BF", "53F007B960459765058C623CD55EC0CB2787CD6CC41E114A4FE33B4399B679FB", "54676D873049DCAF16EAA1A2D3C84F2FEA5E59524A8378996F862C1749977BED", "553055C3FBB4B66E0E52E9ED84C317CAD8597E592FD02A4980DEC6315CABD2E7", "5627FF7B843DD3506C71D634BF3D9A84A7A4505185E28F6288298EC59DAA7BC5", "567345576590494CB813B386383CCFD2CCE4CD51C93AD9D6FD80D7D632CC8257", "5785772A628413BE750308910FFEAA8AACC7C2703F2240DE96947A5EC9FB2289", "59546F63C7A60C8B206D8D53B79FBBDC51B4BC21915D19B927A95CC508208016", "5B55DE775FD627D53A5307BC1C2CCF710D57AAAAE0C4F339A2BFE244B91BF012", "5D63DFA90AE05BD537122A9820FEC290A8E1FB9D0AEF4B12256F5FA09B670775", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "65AC1B828E41A5505E1A8E4F6E7E2E7A2BE86DE58C539C97379A40C7ED8BBD9F", "65AEAA74B4397CD9FC1768668C6ED4E2A219B5570B2041431D7D2F5201973D4D", "660208B752BB57B009A4138672B205F26C849049E39D34C5826F6CEC8771C567", "66C65608C48FA9A8FCD8C712F142BF802B318517AE0F2C5E42A7CB9567BB7B0E", "695AD761535791BFD5B19D6F2FA27E78E40E7E49025C57143449ED9010F98D1E", "6C10F7DF7999077DCC8D27116701F4736A872F28FB52C6D8B857063D077487A5", "6F5C14D8F69121D142075F54FA8D7EBC0AA14DDDA57C28B17CEBB02A4F651B30", "70E7C4F10838DCD91579EAE4380936B1A2975B973F9A7D6A565AB5DF177F1B0B", "7173CE0529466881C359FCCADEF6CE29FA3E19A2809503D3AF51ED4BD00B45A8", "720832AC3637E07F4C1BFCA75FC6629997A5BE41E1E70274D0A86D7D48EF7EAC", "726D3EA736C4A8B48405EED7970A20AD57696B09376152E80E033C733E679B49", "72F1E7577FCF8928470E468FE7D142106425AF53D73065DE5A128A024AEA0013", "74767FAF408C31EF10FD36E87F8FF06644380251DEDF0B8DF0EAD56F9291B3E7", "74A7E2C07D54A37D5F24750F06A13F0442C9D38D0B176EBFFB72B71C5332F1F2", "75364BFF408CF217250AB345A1FF37D7ED2AA865336C880DC6FB0D48F434D5B0", "75B84CEC510E3A7D95E9F35F371450BB7120399A0D986BEBD2A14B5FCE7E3924", "76B18AC05B7E0957D5D44EE4D8737CA8E0D897D28AB3EF35B96AF96E1045759B", "775A1EF8AB84EDDEAAC3AFD8A9183F862501C3473302E82B0CB0C6CA82535C19", "778EA31981EC95B7D8915FD854BC6A0D98BB9A839E808A14D3C548C3A88F9D2D", "77DA9A466A7C42373FF7E0F4EB5E62474CCAD685AD37FE9457EFB7AD15F923AD", "79B141AAF1C51913A9CB5960F462DFAB85217C7BAD6F6CB8BCD729FACEEEBD51", "7A176FEC5482DF626A658547378F02268F41CB91F7D83D022F9EFD7F0A8D1167", "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "7A53C19FF480E48C62F3A876817E646DD9329F4F75468297B786BC33EF754038", "7A89BB55E5B049E80A4EDE8650050366D20EC49B897A44F7858ECD4C51F1A2F8", "7B614296DA3E2724AE6DAB84E18EEDD256F0912D1BCD8AD522657BCB05C688CF", "7BEBE6C769A16D13746B813CF456C36F85AE1B1A1CBD26E71A53BD6E5B34E2F4", "7C5451969551322B10C02D39A8205047791F77289C2CE11B04A515BC58230E66", "7CC35644F6B021F831E7F0CE6202E800E4D6128DCDC6A585E8A27C3D0C5B672E", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E1CB2FDA212C7A8FC0CCD8803720285F00C1F62F3E2628C7217A85BFA5FFBC8", "8074E36BA6CCBB82DDD34401CDDE6095CC85FDC1D6E55869D25037592E0F14DF", "81025F903EAAFB3FD0BB42B351CD25803D50132F91E66C45941659CF9467FC5C", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "84EC6543E200FB54FF05723D30518AB7A1764E126A43609F45F6C9A1976900E5", "87923FDFB72096B1C8DCCF43F6A41A614DD87803DEBC33434D17685EC97C13D6", "87A19FB5346DA81A86907270AB84E2E3899A8B6E531102A2175D836AB9D8EBF9", "8AF49736D617D6497975587C78B2BF1F6346503341CAD9EAB6FBA89669C46B3C", "8BDB2B04E90B5D8B3BDFF1CFA6291BB29AA8C21942820B81D627E9E3835D2C35", "8D2C237BEE4441339BA2BEA5A096B3B4B0E410AD212D590FAF348DD3549DC2F1", "92C7FE6CF964CFF7663A2F30257F2374522889DA6BB31D37E2BBB96D799F67DE", "934D721C1AB58ACE3BF9BE7C5F5C525259057A25F2AFD40C49A35BEF2DF6445A", "935D16DF36C800393007E5C108A433F20ED3C2511F590B5AD68460B950CB39BA", "94A5EAD2AABE10D8AAA1B85ABE8D9AB1090736FBD08E6B72EE5BAB165F23B881", "96B8C81AD52035685E7BCA439CB3B55D261A1BC816DF2B4A9A8ECBB387488B19", "96EE6315C930B95B287C2205A71B8460E379C41B0AB5C1A99697010FB2D913E7", "96FC3F533D118E062E30E53A157F7A204032411F860DCDB42F224E9AD76B50AE", "97439FF2C3A046215A9F6FBE47B7950CF91954D61775F25E45BCDD8A70389449", "97918B8E0A34BC0868CE65A92D25972D5C1B07A90FC608DFB9C6C0F944FA0ADF", "99F5DA628E49A7579F5853F7B7525E1C80094482BB3E6BDC01C3B73B7C77C841", "9A974C19C88E6055D4246D3077BD4EB1DCC0F339D4F608BD01A98B7ABC9630EB", "9C4C70AC1220B4AB5A285A185307DA7DF44E947301A291D48C2912AEE62114C9", "9D4049943D1946AB71B0B67E00156CDC1CEC43E9122B86B9DC13C2A879764A86", "9FD2E9C66619362A32DE4524AA1584928DB440CB9828F6FFBD3C98115D160446", "A23F81D3778388FEA85C4F68EAB5B06484A84CEE1267505C6AC6D40B99F50BBE", "A24025E5E8DFBECD8F40E7C292D9FCC4C212B6C1F927A299C2FB44D85D74F70A", "A2E923A551C0F36BAC84848E053A3A93F2AC1141EB9D1739FE1D48A6684F5352", "A4C7F1899089B546ED394AE8F6988B8EE42E053E0111886BE9FBF60DD7E72474", "A594E3179D9A187B5EAE777411B4109CB85600F1AEC96905951B67E4F825EC64", "A5CBEEFD626C571355DF8388498D9808FFEC358F873B2F3FB321770F6D19ACC9", "A63221A3E2B1CE90B33EEE6D5C17C71D6DAFD1A90BCC39B6E03A5066A8597FE2", "A65A20DF8DC8A4F56EC0F4DD6F4F7A99DA0D4AA58739A1193576B3B006626F85", "A682F39065541E5C1712239B2761462972169D4C104E7393AB2199A0478F5C1A", "A6E0AA4F7CE2CD35281870E21B59F32FD6E5217A46EC5702A87294F585538FD3", "A7668EFA2A4710B7E3D5B8C8191045528B7DD06F6710E08837566548F9500347", "A79DD559871726E692FB55D7ACC6F9BC215D7114846386F8E2919B66C7EFEFE5", "AA368E89835F74857CCB97D3A4A3C3640BC3193AFAF5AEBDB69ACC0179835395", "AB2C0489F353BB12BB89949E01DA1BD7D3A274FCDD90CE2BEB975BDC9E47FFA3", "AE33D31A0FB7255EF28BE79BC12503CDC31DB9273944374F35C9752D138DD964", "B2539BE570C97A3AFB4E7984C51CFC105913A5069E1BA52A5E5DA64A1A017E24", "B25B1FD7DAAC8B0CA22230BBC4B43EA90D4F6C4ACF3EE377E8980774F741941A", "B2EAB78FADD2A38E2416DBE38509D0A0612D4D7D3AF68924D1886EE5C5C022AF", "B2FCE44624F501314D958E4856653642A780A19EFDC1BC430A290CBD59647968", "B33FA893148E9C76925FA67166C54BB7E197EC96DD88578FEB3D80D16489F9CA", "B35331C8976936545073B60350455C602E3A6DA9E2C52BDF202502219C50D240", "B57ABA0428896072F2A6BB4F91AC37ADA1E7619F5A030AD560C9EC8291B00B4B", "B599429672D35F0898136CCC25113D8FA5E242634C8CEB73C87851525F0DA4BB", "B8770E754BD944FA623CFE0E87FAB73310B0BF794A097A5864DF14B6A45B15DE", "B95C859528E2821892603F360127BB3563DF6115B490F316E124F29208FB3511", "B98F811575D2E16065FC8E4C211A8B74BBF4DCEBB02BCE8974D057BDB7A7A3B4", "BAC58F310A73AC5E5FAD84D6ECE65ABCF89CB378E0F1092F4F7D09F826B5874A", "BDFA432EA62E6EFDD1DA5F84B4EE926C27FCF1125443F9D0EC5005B0FEE74C89", "BF68FAD3CDDC1EF89A6E1816F361C2991126DB73F6E989C09DC7FB8DE5DCF82F", "C025789FA2A8DDB6C9C68DA1D0F68F1683F34A89FD9ABF7064BABF56DBCCD67E", "C09FB711C174C12F52503E2759D5CC8B4D40F4D1E018E27BB42EE31BB32CCD6C", "C0FCC5D279BEFE9806E8A80D16BECA9269D08733514F5E75C230F16777C34421", "C1ABD83F59F7956B106D85FAB93A6B43A5430EF38D53B5D809C3AC7F05FEEE8A", "C44205BD925B3B63D65D5FA991188252016274A35741248C9CE3855AD19580EC", "C53D3C47BD4A155045F99C1E4CBF677182A1008DEB57811C876885F82676C572", "C596338966F1610A28DC01FBB21502CC71651B70DBC8B96D9603EBE432E4D5E6", "C61272AAD42C3342F52FDEEAF76F6DCE5A2C3FF3C3CF7540B218B24B7CA5C12B", "CC12D53FC7AAA33AD0F4F6790BC041B7C3D9C62DCF7C92335E17507696F23398", "CD2B7B17CE7F61CA3A2FDCC35C19FE418DC9AB2EA0126463B7C9285931D572AD", "CDF395DCA76931626CDB7CC71C6A81A725FA69D7DD15259B58CC23FBAAF0244D", "CE9B7DAE68B959C5E4A5F965424DF5CB00879B1AB1296B115DB9CB1B8ACD054F", "D03B0EB9D33E29DBE71CE300C3891E52F52A955A1F5348A6E91F09C3927647E1", "D7F9F6844C0B2A7AD577E157F60824D8F5E539422CB268955C43FA58749778CA", "D93D4935148F7F3B13EA6EFB252FC805F8785D44154C48C5441B79CADDEC8988", "D97BB9BB53B939FF7B35193579188B04D16C39569BA1894B0DE24BF411876AEC", "DAADDB71389724193A70C12E9F8330362B8472859FBDEBD3A5DF3730A3B50431", "DBDF7B62F6BB6B8ABE8E864AB6CBAB13BAF35D120B81DFFD0E0880EED7F9F4F9", "DDC286A102F903AF2B73B62C4B9B6B164AD805B5A1C38820F523736F979F5A1A", "DFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE", "E1A1D552E78033169678134FE5961F6004062983C1F460B7BF4BC91470F5CDBC", "E23E5E368C5384B3BD0EA1D29DE09B49CF49A5F44632E304B0A1EEC8896477FE", "E242DE6552CDA604E263C10F96D7809D6E8112F767517A4B63D41C7B0D44B179", "E3B35F3E04652FAE6E9FBEE0D92DCFA4823E1547648C47F0F20643E610649EA7", "E4BF18E141DF994DA14A3731342314B60F8A9B7863C10CD9B3821AFA750D3B31", "E4FC892E8AC3743F52323C3E71CB36B20C92F7CB7EA5B793E1F9A6FC92FE4DA6", "E661C6421191DB8D60DC25995576ECD28F8538D31F59D40BAB7FA8CD127BB2C8", "E75CBB7CFBC1B3A83749883DA9B07688107AC477333503C7735A34D91DB19608", "E885A13E4B96E1D152C9AE2E650F10ADDF3F376F994F2B7919FFDCACA79C4E08", "E8B622A20154C0D070D4BFC473B062648A8B30F2DC4928FABC794E27583489A8", "EA440DE8D8500CEE72AA573EB37A7623160AC16030A96905609F0DA2A82F0971", "EA8F6026280EC5C6AA9C8A07C54623F78F9DEE9C998B454ABD6F0A27FDCF35E6", "EBF7FAC69068575846327A4CBDC56FA371BCD390746BA7B0C955566A104AD9B3", "EE46E4F493F456699A7CA10804D8498E26AB27FC70EDD6DB31949516494BA3D2", "EF3E1BF0DE5F016F1A98A8949DD7F8CAEA643BD1CE65EBCFA855B994473DB3F0", "EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "F47F7D0A6FF231FAB4DFD908C791F72AC22C869B27ACB9F25AA9C61F0E6F2A9D", "F65A53960215D7A6B10E3EDBAF16DDE9E3AA563F5E9427FA05CEFCC6F8CF7B6F", "F6A277D5EB211A9A3F13B9D708BC789AB41D5A7C41AA503DD52BE96CAC542086", "F7D8CC190EB2EEC81DB597D9AE0B7B2D297C1C2915915DECD42344B16CE3E429", "F847189F837954832A5D4C79716968441854E0CF05BFA8740F540844BB54683A", "F888D5954ED0A16F231E324379B3058253B264123956F7A5799DE57898BCD74E", "F968064DF1D870E093FB1CBB6C9BC42A2AAB61D61095B3E288687BFC31A52BFD", "FB73DD29E703B2E5FE969689D0C1C72E123F823CDE33C9FB0AA1F550080057EC", "FCBFB0CF72C1D0C2DF6362EB9276C011BB3576BCD5D43679BE083A875D64CF2D", "FCD1F2B6A6EBCC0ED4071B26367C683978C01FF7E8287DA4D600E165CED45E15", "FE1BF646F073E0CD70183824B616E6F0E4BCE19482B6A4D40D24FE61BAEF307F"]}, {"type": "ics", "idList": ["AA22-117A", "ICSA-21-119-03", "ICSA-21-131-03", "ICSA-21-133-02", "ICSA-21-147-02", "ICSA-21-245-01", "ICSA-21-334-04", "ICSA-22-069-09", "ICSA-22-256-01", "ICSA-23-075-01"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00088", "INTEL:INTEL-SA-00117"]}, {"type": "kaspersky", "idList": ["KLA11173", "KLA11179", "KLA11784", "KLA11785", "KLA12104", "KLA12105", "KLA12159"]}, {"type": "kitploit", "idList": ["KITPLOIT:8752367943592764867", "KITPLOIT:8917740741292426205"]}, {"type": "lenovo", "idList": ["LENOVO:PS500151-NOSID", "LENOVO:PS500151-READING-PRIVILEGED-MEMORY-WITH-A-SIDE-CHANNEL-NOSID", "LENOVO:PS500159-NOSID", "LENOVO:PS500159-NVIDIA-GRAPHICS-DRIVER-MULTIPLE-VULNERABILITIES-INCLUDING-FIXES-FOR-INTEL-SPECULATIVE-SIDE-CHANNEL-VULNERABILITIES-NOSID", "LENOVO:PS500167-NOSID", "LENOVO:PS500167-SPECULATIVE-EXECUTION-SIDE-CHANNEL-VULNERABILITY-VARIANTS-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2018-0071", "MGASA-2018-0073", "MGASA-2018-0074", "MGASA-2018-0075", "MGASA-2018-0076", "MGASA-2018-0077", "MGASA-2018-0078", "MGASA-2018-0079", "MGASA-2018-0080", "MGASA-2018-0082", "MGASA-2018-0101", "MGASA-2018-0106", "MGASA-2018-0107", "MGASA-2018-0124", "MGASA-2018-0125", "MGASA-2018-0126", "MGASA-2018-0127", "MGASA-2018-0134", "MGASA-2018-0153", "MGASA-2018-0172", "MGASA-2018-0176", "MGASA-2018-0187", "MGASA-2018-0260", "MGASA-2018-0264", "MGASA-2018-0286", "MGASA-2020-0135", "MGASA-2020-0255", "MGASA-2020-0277", "MGASA-2020-0392", "MGASA-2021-0030", "MGASA-2021-0031", "MGASA-2021-0047", "MGASA-2021-0053", "MGASA-2021-0056", "MGASA-2021-0058", "MGASA-2021-0109", "MGASA-2021-0110", "MGASA-2021-0151", "MGASA-2021-0152", "MGASA-2021-0220", "MGASA-2021-0298", "MGASA-2021-0300", "MGASA-2021-0357", "MGASA-2023-0138"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:3DDE32E41BE8356C194673EE3ED7FDBE", "MALWAREBYTES:C47D8F4321BF60FB315B6C46B47DF46F"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-SUDO_BARON_SAMEDIT-"]}, {"type": "mscve", "idList": ["MS:ADV180002", "MS:ADV180018"]}, {"type": "mskb", "idList": ["KB4073065", "KB4074590", "KB4093112", "KB4103723", "KB4284819", "KB4284826", "KB4284835", "KB4284860", "KB4284867", "KB4284874", "KB4284880", "KB4338815", "KB4338820", "KB4338824", "KB4338830", "KB4340583", "KB4343887", "KB4343897", "KB4343899", "KB4343900", "KB4343909", "KB4457128", "KB4462922", "KB4467678", "KB4467680", "KB4467686", "KB4467691", "KB4467696", "KB4467697", "KB4467700", "KB4467701", "KB4467702", "KB4467703", "KB4467706", "KB4467708", "KB4480957", "KB4480960", "KB4480963", "KB4480964", "KB4480968", "KB4480970", "KB4480972", "KB4480975", "KB4493446", "KB4493448", "KB4493464", "KB4493467", "KB4493472", "KB4494441"]}, {"type": "msrc", "idList": ["MSRC:3EC2FAA8CFB89D38DF89D5273501E00C", "MSRC:6FC32AE0E70835D60BB57881421FB14A"]}, {"type": "nessus", "idList": ["700321.PRM", "700322.PRM", "700325.PRM", "700513.PRM", "700545.PRM", "701350.PASL", "701351.PASL", "701385.PASL", "701386.PASL", "701387.PASL", "701388.PASL", "AIX_IJ03029.NASL", "AIX_IJ03030.NASL", "AIX_IJ03032.NASL", "AIX_IJ03033.NASL", "AIX_IJ03034.NASL", "AIX_IJ03035.NASL", "AIX_IJ03036.NASL", "AIX_IJ26985.NASL", "AIX_IJ26986.NASL", "AIX_IJ33276.NASL", "AIX_IJ33277.NASL", "AIX_IJ33278.NASL", "AIX_IJ33279.NASL", "AL2022_ALAS2022-2022-039.NASL", "AL2022_ALAS2022-2022-044.NASL", "AL2022_ALAS2022-2022-233.NASL", "AL2023_ALAS2023-2023-059.NASL", "AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2018-939.NASL", "AL2_ALAS-2018-942.NASL", "AL2_ALAS-2018-952.NASL", "AL2_ALAS-2018-953.NASL", "AL2_ALAS-2018-956.NASL", "AL2_ALAS-2018-962.NASL", "AL2_ALAS-2020-1449.NASL", "AL2_ALAS-2020-1495.NASL", "AL2_ALAS-2020-1520.NASL", "AL2_ALAS-2020-1556.NASL", "AL2_ALAS-2020-1566.NASL", "AL2_ALAS-2021-1582.NASL", "AL2_ALAS-2021-1588.NASL", "AL2_ALAS-2021-1590.NASL", "AL2_ALAS-2021-1599.NASL", "AL2_ALAS-2021-1600.NASL", "AL2_ALAS-2021-1605.NASL", "AL2_ALAS-2021-1610.NASL", "AL2_ALAS-2021-1614.NASL", "AL2_ALAS-2021-1616.NASL", "AL2_ALAS-2021-1623.NASL", "AL2_ALAS-2021-1629.NASL", "AL2_ALAS-2021-1635.NASL", "AL2_ALAS-2023-1944.NASL", "AL2_ALASKERNEL-5_10-2022-011.NASL", "AL2_ALASKERNEL-5_4-2022-001.NASL", "AL2_ALASKERNEL-5_4-2022-017.NASL", "AL2_ALASKERNEL-5_4-2022-018.NASL", "AL2_ALASKERNEL-5_4-2022-019.NASL", "AL2_ALASKERNEL-5_4-2022-023.NASL", "ALA_ALAS-2018-939.NASL", "ALA_ALAS-2018-942.NASL", "ALA_ALAS-2018-956.NASL", "ALA_ALAS-2020-1389.NASL", "ALA_ALAS-2020-1390.NASL", "ALA_ALAS-2020-1437.NASL", "ALA_ALAS-2020-1446.NASL", "ALA_ALAS-2020-1462.NASL", "ALA_ALAS-2021-1461.NASL", "ALA_ALAS-2021-1465.NASL", "ALA_ALAS-2021-1477.NASL", "ALA_ALAS-2021-1478.NASL", "ALA_ALAS-2021-1480.NASL", "ALA_ALAS-2021-1485.NASL", "ALA_ALAS-2021-1487.NASL", "ALA_ALAS-2021-1491.NASL", "ALA_ALAS-2021-1492.NASL", "ALA_ALAS-2021-1493.NASL", "ALA_ALAS-2021-1508.NASL", "ALA_ALAS-2021-1511.NASL", "ALA_ALAS-2021-1515.NASL", "ALA_ALAS-2022-1572.NASL", "ALMA_LINUX_ALSA-2020-5480.NASL", "ALMA_LINUX_ALSA-2021-0218.NASL", "ALMA_LINUX_ALSA-2021-0557.NASL", "ALMA_LINUX_ALSA-2021-0558.NASL", "ALMA_LINUX_ALSA-2021-0670.NASL", "ALMA_LINUX_ALSA-2021-1093.NASL", "ALMA_LINUX_ALSA-2021-1206.NASL", "ALMA_LINUX_ALSA-2021-1585.NASL", "ALMA_LINUX_ALSA-2021-1678.NASL", "ALMA_LINUX_ALSA-2021-1989.NASL", "ALMA_LINUX_ALSA-2021-4356.NASL", "ALMA_LINUX_ALSA-2022-1988.NASL", "AMAZON_CORRETTO_11_0_11_9_1.NASL", "AMAZON_CORRETTO_16_0_1_9_1.NASL", "AMAZON_CORRETTO_8_292_10_1.NASL", "APPLE_IOS_1122_CHECK.NBIN", "APPLE_IOS_112_CHECK.NBIN", "AZUL_ZULU_16_30_20.NASL", "BIND9_91712_CVE-2021-25215.NASL", "BIND9_9172_CVE-2020-8625.NASL", "CENTOS8_RHSA-2020-1769.NASL", "CENTOS8_RHSA-2020-4444.NASL", "CENTOS8_RHSA-2020-5480.NASL", "CENTOS8_RHSA-2021-0003.NASL", "CENTOS8_RHSA-2021-0218.NASL", "CENTOS8_RHSA-2021-1093.NASL", "CENTOS8_RHSA-2021-1206.NASL", "CENTOS8_RHSA-2021-1301.NASL", "CENTOS8_RHSA-2021-1307.NASL", "CENTOS8_RHSA-2021-1585.NASL", "CENTOS8_RHSA-2021-1678.NASL", "CENTOS8_RHSA-2021-4140.NASL", "CENTOS8_RHSA-2021-4356.NASL", "CENTOS_RHSA-2018-0007.NASL", "CENTOS_RHSA-2018-0008.NASL", "CENTOS_RHSA-2018-0012.NASL", "CENTOS_RHSA-2018-0013.NASL", "CENTOS_RHSA-2018-0014.NASL", "CENTOS_RHSA-2018-0023.NASL", "CENTOS_RHSA-2018-0029.NASL", "CENTOS_RHSA-2018-0030.NASL", "CENTOS_RHSA-2018-0093.NASL", "CENTOS_RHSA-2018-0094.NASL", "CENTOS_RHSA-2018-0151.NASL", "CENTOS_RHSA-2018-0512.NASL", "CENTOS_RHSA-2018-1062.NASL", "CENTOS_RHSA-2018-1319.NASL", "CENTOS_RHSA-2020-2530.NASL", "CENTOS_RHSA-2020-5350.NASL", "CENTOS_RHSA-2021-0221.NASL", "CENTOS_RHSA-2021-0343.NASL", "CENTOS_RHSA-2021-0348.NASL", "CENTOS_RHSA-2021-0671.NASL", "CENTOS_RHSA-2021-0742.NASL", "CENTOS_RHSA-2021-0856.NASL", "CENTOS_RHSA-2021-1071.NASL", "CENTOS_RHSA-2021-1145.NASL", "CENTOS_RHSA-2021-1297.NASL", "CENTOS_RHSA-2021-1298.NASL", "CENTOS_RHSA-2021-1469.NASL", "CENTOS_RHSA-2023-0399.NASL", "CITRIX_XENSERVER_CTX231390.NASL", "CITRIX_XENSERVER_CTX234679.NASL", "DEBIAN_DLA-1232.NASL", "DEBIAN_DLA-1349.NASL", "DEBIAN_DLA-1362.NASL", "DEBIAN_DLA-1369.NASL", "DEBIAN_DLA-1422.NASL", "DEBIAN_DLA-1423.NASL", "DEBIAN_DLA-1497.NASL", "DEBIAN_DLA-1506.NASL", "DEBIAN_DLA-1731.NASL", "DEBIAN_DLA-2068.NASL", "DEBIAN_DLA-2114.NASL", "DEBIAN_DLA-2148.NASL", "DEBIAN_DLA-2209.NASL", "DEBIAN_DLA-2217.NASL", "DEBIAN_DLA-2279.NASL", "DEBIAN_DLA-2313.NASL", "DEBIAN_DLA-2323.NASL", "DEBIAN_DLA-2417.NASL", "DEBIAN_DLA-2420.NASL", "DEBIAN_DLA-2483.NASL", "DEBIAN_DLA-2494.NASL", "DEBIAN_DLA-2534.NASL", "DEBIAN_DLA-2557.NASL", "DEBIAN_DLA-2568.NASL", "DEBIAN_DLA-2570.NASL", "DEBIAN_DLA-2586.NASL", "DEBIAN_DLA-2610.NASL", "DEBIAN_DLA-2634.NASL", "DEBIAN_DLA-2647.NASL", "DEBIAN_DLA-2743.NASL", "DEBIAN_DLA-2760.NASL", "DEBIAN_DLA-3152.NASL", "DEBIAN_DLA-3160.NASL", "DEBIAN_DSA-4078.NASL", "DEBIAN_DSA-4082.NASL", "DEBIAN_DSA-4120.NASL", "DEBIAN_DSA-4179.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "DEBIAN_DSA-4213.NASL", "DEBIAN_DSA-4469.NASL", "DEBIAN_DSA-4710.NASL", "DEBIAN_DSA-4727.NASL", "DEBIAN_DSA-4746.NASL", "DEBIAN_DSA-4774.NASL", "DEBIAN_DSA-4839.NASL", "DEBIAN_DSA-4843.NASL", "DEBIAN_DSA-4857.NASL", "DEBIAN_DSA-4861.NASL", "DEBIAN_DSA-4891.NASL", "DEBIAN_DSA-4899.NASL", "DEBIAN_DSA-4909.NASL", "DEBIAN_DSA-4933.NASL", "DEBIAN_DSA-5265.NASL", "EULEROS_SA-2018-1001.NASL", "EULEROS_SA-2018-1002.NASL", "EULEROS_SA-2018-1014.NASL", "EULEROS_SA-2018-1015.NASL", "EULEROS_SA-2018-1016.NASL", "EULEROS_SA-2018-1017.NASL", "EULEROS_SA-2018-1020.NASL", "EULEROS_SA-2018-1021.NASL", "EULEROS_SA-2018-1233.NASL", "EULEROS_SA-2018-1236.NASL", "EULEROS_SA-2019-1450.NASL", "EULEROS_SA-2019-1514.NASL", "EULEROS_SA-2019-1515.NASL", "EULEROS_SA-2019-1539.NASL", "EULEROS_SA-2019-1637.NASL", "EULEROS_SA-2019-1638.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1012.NASL", "EULEROS_SA-2020-1158.NASL", "EULEROS_SA-2020-1288.NASL", "EULEROS_SA-2020-1308.NASL", "EULEROS_SA-2020-1369.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1514.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1599.NASL", "EULEROS_SA-2020-1645.NASL", "EULEROS_SA-2020-1667.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1712.NASL", "EULEROS_SA-2020-1820.NASL", "EULEROS_SA-2020-1829.NASL", "EULEROS_SA-2020-1894.NASL", "EULEROS_SA-2020-1932.NASL", "EULEROS_SA-2020-1943.NASL", "EULEROS_SA-2020-1958.NASL", "EULEROS_SA-2020-1967.NASL", "EULEROS_SA-2020-2056.NASL", "EULEROS_SA-2020-2085.NASL", "EULEROS_SA-2020-2093.NASL", "EULEROS_SA-2020-2131.NASL", "EULEROS_SA-2020-2151.NASL", "EULEROS_SA-2020-2155.NASL", "EULEROS_SA-2020-2169.NASL", "EULEROS_SA-2020-2179.NASL", "EULEROS_SA-2020-2292.NASL", "EULEROS_SA-2020-2303.NASL", "EULEROS_SA-2020-2311.NASL", "EULEROS_SA-2020-2353.NASL", "EULEROS_SA-2020-2370.NASL", "EULEROS_SA-2020-2380.NASL", "EULEROS_SA-2020-2411.NASL", "EULEROS_SA-2020-2429.NASL", "EULEROS_SA-2020-2443.NASL", "EULEROS_SA-2020-2459.NASL", "EULEROS_SA-2020-2485.NASL", "EULEROS_SA-2020-2498.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2021-1005.NASL", "EULEROS_SA-2021-1009.NASL", "EULEROS_SA-2021-1024.NASL", "EULEROS_SA-2021-1028.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1040.NASL", "EULEROS_SA-2021-1056.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1142.NASL", "EULEROS_SA-2021-1148.NASL", "EULEROS_SA-2021-1173.NASL", "EULEROS_SA-2021-1200.NASL", "EULEROS_SA-2021-1246.NASL", "EULEROS_SA-2021-1257.NASL", "EULEROS_SA-2021-1265.NASL", "EULEROS_SA-2021-1276.NASL", "EULEROS_SA-2021-1299.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1366.NASL", "EULEROS_SA-2021-1375.NASL", "EULEROS_SA-2021-1382.NASL", "EULEROS_SA-2021-1386.NASL", "EULEROS_SA-2021-1390.NASL", "EULEROS_SA-2021-1396.NASL", "EULEROS_SA-2021-1412.NASL", "EULEROS_SA-2021-1424.NASL", "EULEROS_SA-2021-1454.NASL", "EULEROS_SA-2021-1477.NASL", "EULEROS_SA-2021-1501.NASL", "EULEROS_SA-2021-1520.NASL", "EULEROS_SA-2021-1537.NASL", "EULEROS_SA-2021-1550.NASL", "EULEROS_SA-2021-1575.NASL", "EULEROS_SA-2021-1600.NASL", "EULEROS_SA-2021-1604.NASL", "EULEROS_SA-2021-1614.NASL", "EULEROS_SA-2021-1621.NASL", "EULEROS_SA-2021-1630.NASL", "EULEROS_SA-2021-1642.NASL", "EULEROS_SA-2021-1643.NASL", "EULEROS_SA-2021-1660.NASL", "EULEROS_SA-2021-1669.NASL", "EULEROS_SA-2021-1676.NASL", "EULEROS_SA-2021-1684.NASL", "EULEROS_SA-2021-1707.NASL", "EULEROS_SA-2021-1713.NASL", "EULEROS_SA-2021-1715.NASL", "EULEROS_SA-2021-1725.NASL", "EULEROS_SA-2021-1739.NASL", "EULEROS_SA-2021-1750.NASL", "EULEROS_SA-2021-1751.NASL", "EULEROS_SA-2021-1766.NASL", "EULEROS_SA-2021-1790.NASL", "EULEROS_SA-2021-1808.NASL", "EULEROS_SA-2021-1848.NASL", "EULEROS_SA-2021-1856.NASL", "EULEROS_SA-2021-1865.NASL", "EULEROS_SA-2021-1879.NASL", "EULEROS_SA-2021-1888.NASL", "EULEROS_SA-2021-1891.NASL", "EULEROS_SA-2021-1894.NASL", "EULEROS_SA-2021-1904.NASL", "EULEROS_SA-2021-1913.NASL", "EULEROS_SA-2021-1915.NASL", "EULEROS_SA-2021-1918.NASL", "EULEROS_SA-2021-1929.NASL", "EULEROS_SA-2021-1939.NASL", "EULEROS_SA-2021-1950.NASL", "EULEROS_SA-2021-1975.NASL", "EULEROS_SA-2021-1983.NASL", "EULEROS_SA-2021-1995.NASL", "EULEROS_SA-2021-2002.NASL", "EULEROS_SA-2021-2008.NASL", "EULEROS_SA-2021-2013.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2042.NASL", "EULEROS_SA-2021-2057.NASL", "EULEROS_SA-2021-2068.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2083.NASL", "EULEROS_SA-2021-2092.NASL", "EULEROS_SA-2021-2136.NASL", "EULEROS_SA-2021-2140.NASL", "EULEROS_SA-2021-2157.NASL", "EULEROS_SA-2021-2170.NASL", "EULEROS_SA-2021-2180.NASL", "EULEROS_SA-2021-2194.NASL", "EULEROS_SA-2021-2221.NASL", "EULEROS_SA-2021-2236.NASL", "EULEROS_SA-2021-2262.NASL", "EULEROS_SA-2021-2300.NASL", "EULEROS_SA-2021-2307.NASL", "EULEROS_SA-2021-2320.NASL", "EULEROS_SA-2021-2335.NASL", "EULEROS_SA-2021-2336.NASL", "EULEROS_SA-2021-2354.NASL", "EULEROS_SA-2021-2389.NASL", "EULEROS_SA-2021-2392.NASL", "EULEROS_SA-2021-2435.NASL", "EULEROS_SA-2021-2447.NASL", "EULEROS_SA-2021-2496.NASL", "EULEROS_SA-2021-2536.NASL", "EULEROS_SA-2021-2560.NASL", "EULEROS_SA-2021-2572.NASL", "EULEROS_SA-2021-2587.NASL", "EULEROS_SA-2021-2734.NASL", "EULEROS_SA-2021-2786.NASL", "EULEROS_SA-2021-2857.NASL", "EULEROS_SA-2021-2867.NASL", "EULEROS_SA-2022-1084.NASL", "EULEROS_SA-2022-1109.NASL", "EULEROS_SA-2022-1122.NASL", "EULEROS_SA-2022-2724.NASL", "EULEROS_SA-2022-2759.NASL", "EULEROS_SA-2022-2817.NASL", "EULEROS_SA-2022-2823.NASL", "EULEROS_SA-2022-2842.NASL", "EULEROS_SA-2023-1007.NASL", "EULEROS_SA-2023-1032.NASL", "EULEROS_SA-2023-1144.NASL", "EULEROS_SA-2023-1147.NASL", "EULEROS_SA-2023-1165.NASL", "EULEROS_SA-2023-1188.NASL", "EULEROS_SA-2023-1218.NASL", "EULEROS_SA-2023-1244.NASL", "F5_BIGIP_SOL09604370.NASL", "F5_BIGIP_SOL27238230.NASL", "F5_BIGIP_SOL33101555.NASL", "F5_BIGIP_SOL38481791.NASL", "F5_BIGIP_SOL40508224.NASL", "F5_BIGIP_SOL68251873.NASL", "F5_BIGIP_SOL71522481.NASL", "F5_BIGIP_SOL91229003.NASL", "F5_BIGIP_SOL96223611.NASL", "FEDORA_2018-0590E4AF13.NASL", "FEDORA_2018-690989736A.NASL", "FEDORA_2018-9F02E5ED7B.NASL", "FEDORA_2020-244EFC27AF.NASL", "FEDORA_2020-3C6FEDEB83.NASL", "FEDORA_2020-4021BF2AE8.NASL", "FEDORA_2020-5920A7A0B2.NASL", "FEDORA_2020-7F625C5EA8.NASL", "FEDORA_2020-98CCAE320C.NASL", "FEDORA_2020-B732958765.NASL", "FEDORA_2020-BC0CC81A7A.NASL", "FEDORA_2020-CE396E7D5C.NASL", "FEDORA_2020-E211716D08.NASL", "FEDORA_2020-FD73C08076.NASL", "FEDORA_2021-0595625865.NASL", "FEDORA_2021-082E638D02.NASL", "FEDORA_2021-28F97E232D.NASL", "FEDORA_2021-2CB63D912A.NASL", "FEDORA_2021-4A91649CF3.NASL", "FEDORA_2021-5E9894A0C5.NASL", "FEDORA_2021-620FB40359.NASL", "FEDORA_2021-6E581C051A.NASL", "FEDORA_2021-6FEB090C97.NASL", "FEDORA_2021-8840CBDCCD.NASL", "FEDORA_2021-9107EEB95C.NASL", "FREEBSD_PKG_1CE95BC7327811E8B52700012E582166.NASL", "FREEBSD_PKG_676CA4869C1E11EA8B5EB42E99A1B9C3.NASL", "FREEBSD_PKG_6FD773D3BC5A11EAB38DF0DEF1D0C3EA.NASL", "FREEBSD_PKG_74DAA370279711E895ECA4BADB2F4699.NASL", "FREEBSD_PKG_F3CF4B33601311EB9A0E206A8A720317.NASL", "FREEBSD_PKG_FBE10A8A05A111EA9DFAF8B156AC3FF9.NASL", "GENTOO_GLSA-201804-08.NASL", "GENTOO_GLSA-201810-06.NASL", "GENTOO_GLSA-202006-03.NASL", "GENTOO_GLSA-202006-04.NASL", "GENTOO_GLSA-202006-21.NASL", "GENTOO_GLSA-202008-12.NASL", "GENTOO_GLSA-202101-20.NASL", "GENTOO_GLSA-202101-33.NASL", "GENTOO_GLSA-202105-11.NASL", "GENTOO_GLSA-202105-31.NASL", "GENTOO_GLSA-202107-07.NASL", "GENTOO_GLSA-202208-34.NASL", "GENTOO_GLSA-202209-05.NASL", "GOOGLE_CHROME_64_0_3282_119.NASL", "IBM_JAVA_2021_04_20.NASL", "LINUX_CVE-2021-3156.NBIN", "LINUX_KERNEL_SPECULATIVE_EXECUTION_DETECT.NBIN", "MACOSX_FIREFOX_57_0_4.NASL", "MACOSX_FUSION_VMSA_2017_0021.NASL", "MACOSX_FUSION_VMSA_2018_0004.NASL", "MACOSX_SAFARI11_0_2_PATCH_2018_01_08.NASL", "MACOSX_SECUPD2018-001.NASL", "MACOS_10_13_2.NASL", "MACOS_HT212177.NASL", "MCAFEE_EPO_SB10332.NASL", "MICROSOFT_WINDOWS_SPEC_EXECUTION.NBIN", "MOZILLA_FIREFOX_57_0_4.NASL", "MYSQL_8_0_26.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_24.NASL", "NEWSTART_CGSL_NS-SA-2019-0007_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0016_DRACUT.NASL", "NEWSTART_CGSL_NS-SA-2019-0049_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0125_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2020-0055_TOMCAT.NASL", "NEWSTART_CGSL_NS-SA-2021-0001_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0032_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0053_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0062_NET-SNMP.NASL", "NEWSTART_CGSL_NS-SA-2021-0089_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0095_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0099_PERL.NASL", "NEWSTART_CGSL_NS-SA-2021-0101_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0103_SCREEN.NASL", "NEWSTART_CGSL_NS-SA-2021-0104_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0106_BIND.NASL", "NEWSTART_CGSL_NS-SA-2021-0109_NETTLE.NASL", "NEWSTART_CGSL_NS-SA-2021-0115_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0119_BIND.NASL", "NEWSTART_CGSL_NS-SA-2021-0120_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0126_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0127_PERL.NASL", "NEWSTART_CGSL_NS-SA-2021-0132_NETTLE.NASL", "NEWSTART_CGSL_NS-SA-2021-0133_GNUTLS.NASL", "NEWSTART_CGSL_NS-SA-2021-0134_PERL.NASL", "NEWSTART_CGSL_NS-SA-2021-0135_TOMCAT.NASL", "NEWSTART_CGSL_NS-SA-2021-0150_NET-SNMP.NASL", "NEWSTART_CGSL_NS-SA-2021-0177_BIND.NASL", "NEWSTART_CGSL_NS-SA-2021-0178_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0180_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0184_PERL.NASL", "NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0008_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0009_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0028_BIND.NASL", "NEWSTART_CGSL_NS-SA-2022-0028_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2022-0035_SCREEN.NASL", "NEWSTART_CGSL_NS-SA-2022-0039_NETTLE.NASL", "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0051_BIND.NASL", "NEWSTART_CGSL_NS-SA-2022-0059_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0073_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0074_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0075_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0085_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2022-0089_KERNEL.NASL", "NUTANIX_NXSA-AHV-20201105_1045.NASL", "NUTANIX_NXSA-AHV-20201105_1082.NASL", "NUTANIX_NXSA-AHV-20201105_1161.NASL", "NUTANIX_NXSA-AHV-20201105_2030.NASL", "NUTANIX_NXSA-AHV-20201105_2076.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_15_5_5.NASL", "NUTANIX_NXSA-AOS-5_15_6.NASL", "NUTANIX_NXSA-AOS-5_15_7.NASL", "NUTANIX_NXSA-AOS-5_16_1_3.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_17_1_3.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "NUTANIX_NXSA-AOS-5_19_1_5.NASL", "NUTANIX_NXSA-AOS-5_19_2.NASL", "NUTANIX_NXSA-AOS-5_20.NASL", "NUTANIX_NXSA-AOS-5_20_1.NASL", "NUTANIX_NXSA-AOS-5_20_3_5.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-6_0_1.NASL", "NUTANIX_NXSA-AOS-6_0_2_6.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "NUTANIX_NXSA-AOS-6_5_2_6.NASL", "NUTANIX_NXSA-AOS-6_5_3.NASL", "NVIDIA_UNIX_CVE_2017_5753.NASL", "NVIDIA_WIN_CVE_2017_5753.NASL", "OPENJDK_20_04_2021.NASL", "OPENSUSE-2018-1.NASL", "OPENSUSE-2018-118.NASL", "OPENSUSE-2018-153.NASL", "OPENSUSE-2018-169.NASL", "OPENSUSE-2018-2.NASL", "OPENSUSE-2018-20.NASL", "OPENSUSE-2018-24.NASL", "OPENSUSE-2018-266.NASL", "OPENSUSE-2018-284.NASL", "OPENSUSE-2018-291.NASL", "OPENSUSE-2018-3.NASL", "OPENSUSE-2018-32.NASL", "OPENSUSE-2018-358.NASL", "OPENSUSE-2018-4.NASL", "OPENSUSE-2018-454.NASL", "OPENSUSE-2018-551.NASL", "OPENSUSE-2018-590.NASL", "OPENSUSE-2018-599.NASL", "OPENSUSE-2018-75.NASL", "OPENSUSE-2018-762.NASL", "OPENSUSE-2018-8.NASL", "OPENSUSE-2018-825.NASL", "OPENSUSE-2018-9.NASL", "OPENSUSE-2018-938.NASL", "OPENSUSE-2019-418.NASL", "OPENSUSE-2019-536.NASL", "OPENSUSE-2019-587.NASL", "OPENSUSE-2020-1586.NASL", "OPENSUSE-2020-1655.NASL", "OPENSUSE-2020-1682.NASL", "OPENSUSE-2020-1698.NASL", "OPENSUSE-2020-1901.NASL", "OPENSUSE-2020-1906.NASL", "OPENSUSE-2020-2034.NASL", "OPENSUSE-2020-2112.NASL", "OPENSUSE-2020-2161.NASL", "OPENSUSE-2020-2193.NASL", "OPENSUSE-2020-2260.NASL", "OPENSUSE-2020-336.NASL", "OPENSUSE-2020-381.NASL", "OPENSUSE-2020-711.NASL", "OPENSUSE-2020-850.NASL", "OPENSUSE-2021-1176.NASL", "OPENSUSE-2021-1212.NASL", "OPENSUSE-2021-1455.NASL", "OPENSUSE-2021-1666.NASL", "OPENSUSE-2021-169.NASL", "OPENSUSE-2021-170.NASL", "OPENSUSE-2021-1826.NASL", "OPENSUSE-2021-1975.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-1989.NASL", "OPENSUSE-2021-241.NASL", "OPENSUSE-2021-242.NASL", "OPENSUSE-2021-2798.NASL", "OPENSUSE-2021-2861.NASL", "OPENSUSE-2021-304.NASL", "OPENSUSE-2021-358.NASL", "OPENSUSE-2021-3615.NASL", "OPENSUSE-2021-375.NASL", "OPENSUSE-2021-496.NASL", "OPENSUSE-2021-532.NASL", "OPENSUSE-2021-60.NASL", "OPENSUSE-2021-602.NASL", "OPENSUSE-2021-635.NASL", "OPENSUSE-2021-668.NASL", "OPENSUSE-2021-719.NASL", "OPENSUSE-2021-75.NASL", "OPENSUSE-2021-758.NASL", "OPENSUSE-2021-776.NASL", "OPENSUSE-2021-933.NASL", "OPENSUSE-2022-0050-1.NASL", "OPENSUSE-2022-0108-1.NASL", "OPENSUSE-2022-0818-1.NASL", "OPENSUSE-2022-0940-1.NASL", "ORACLELINUX_ELSA-2018-0007.NASL", "ORACLELINUX_ELSA-2018-0008.NASL", "ORACLELINUX_ELSA-2018-0012.NASL", "ORACLELINUX_ELSA-2018-0013.NASL", "ORACLELINUX_ELSA-2018-0023.NASL", "ORACLELINUX_ELSA-2018-0024.NASL", "ORACLELINUX_ELSA-2018-0029.NASL", "ORACLELINUX_ELSA-2018-0030.NASL", "ORACLELINUX_ELSA-2018-0093.NASL", "ORACLELINUX_ELSA-2018-0151.NASL", "ORACLELINUX_ELSA-2018-0512.NASL", "ORACLELINUX_ELSA-2018-1319.NASL", "ORACLELINUX_ELSA-2018-4004.NASL", "ORACLELINUX_ELSA-2018-4006.NASL", "ORACLELINUX_ELSA-2018-4011.NASL", "ORACLELINUX_ELSA-2018-4017.NASL", "ORACLELINUX_ELSA-2018-4018.NASL", "ORACLELINUX_ELSA-2018-4019.NASL", "ORACLELINUX_ELSA-2018-4020.NASL", "ORACLELINUX_ELSA-2018-4022.NASL", "ORACLELINUX_ELSA-2018-4025.NASL", "ORACLELINUX_ELSA-2018-4071.NASL", "ORACLELINUX_ELSA-2018-4088.NASL", "ORACLELINUX_ELSA-2018-4089.NASL", "ORACLELINUX_ELSA-2018-4109.NASL", "ORACLELINUX_ELSA-2018-4110.NASL", "ORACLELINUX_ELSA-2019-4710.NASL", "ORACLELINUX_ELSA-2020-2529.NASL", "ORACLELINUX_ELSA-2020-2530.NASL", "ORACLELINUX_ELSA-2020-4444.NASL", "ORACLELINUX_ELSA-2020-5129.NASL", "ORACLELINUX_ELSA-2020-5350.NASL", "ORACLELINUX_ELSA-2020-5480.NASL", "ORACLELINUX_ELSA-2020-5569.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5671.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2020-5709.NASL", "ORACLELINUX_ELSA-2020-5710.NASL", "ORACLELINUX_ELSA-2020-5912.NASL", "ORACLELINUX_ELSA-2020-5995.NASL", "ORACLELINUX_ELSA-2020-5996.NASL", "ORACLELINUX_ELSA-2021-0003.NASL", "ORACLELINUX_ELSA-2021-0218.NASL", "ORACLELINUX_ELSA-2021-0221.NASL", "ORACLELINUX_ELSA-2021-0336.NASL", "ORACLELINUX_ELSA-2021-0343.NASL", "ORACLELINUX_ELSA-2021-0348.NASL", "ORACLELINUX_ELSA-2021-0557.NASL", "ORACLELINUX_ELSA-2021-0558.NASL", "ORACLELINUX_ELSA-2021-0670.NASL", "ORACLELINUX_ELSA-2021-0671.NASL", "ORACLELINUX_ELSA-2021-0742.NASL", "ORACLELINUX_ELSA-2021-0856.NASL", "ORACLELINUX_ELSA-2021-1071.NASL", "ORACLELINUX_ELSA-2021-1093.NASL", "ORACLELINUX_ELSA-2021-1145.NASL", "ORACLELINUX_ELSA-2021-1206.NASL", "ORACLELINUX_ELSA-2021-1297.NASL", "ORACLELINUX_ELSA-2021-1298.NASL", "ORACLELINUX_ELSA-2021-1301.NASL", "ORACLELINUX_ELSA-2021-1307.NASL", "ORACLELINUX_ELSA-2021-1469.NASL", "ORACLELINUX_ELSA-2021-1585.NASL", "ORACLELINUX_ELSA-2021-1678.NASL", "ORACLELINUX_ELSA-2021-1989.NASL", "ORACLELINUX_ELSA-2021-4356.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLELINUX_ELSA-2021-9005.NASL", "ORACLELINUX_ELSA-2021-9006.NASL", "ORACLELINUX_ELSA-2021-9007.NASL", "ORACLELINUX_ELSA-2021-9008.NASL", "ORACLELINUX_ELSA-2021-9009.NASL", "ORACLELINUX_ELSA-2021-9019.NASL", "ORACLELINUX_ELSA-2021-9023.NASL", "ORACLELINUX_ELSA-2021-9024.NASL", "ORACLELINUX_ELSA-2021-9025.NASL", "ORACLELINUX_ELSA-2021-9035.NASL", "ORACLELINUX_ELSA-2021-9037.NASL", "ORACLELINUX_ELSA-2021-9038.NASL", "ORACLELINUX_ELSA-2021-9039.NASL", "ORACLELINUX_ELSA-2021-9112.NASL", "ORACLELINUX_ELSA-2021-9113.NASL", "ORACLELINUX_ELSA-2021-9114.NASL", "ORACLELINUX_ELSA-2021-9115.NASL", "ORACLELINUX_ELSA-2021-9116.NASL", "ORACLELINUX_ELSA-2021-9117.NASL", "ORACLELINUX_ELSA-2021-9140.NASL", "ORACLELINUX_ELSA-2021-9141.NASL", "ORACLELINUX_ELSA-2021-9164.NASL", "ORACLELINUX_ELSA-2021-9169.NASL", "ORACLELINUX_ELSA-2021-9172.NASL", "ORACLELINUX_ELSA-2021-9175.NASL", "ORACLELINUX_ELSA-2021-9212.NASL", "ORACLELINUX_ELSA-2021-9213.NASL", "ORACLELINUX_ELSA-2021-9238.NASL", "ORACLELINUX_ELSA-2021-9280.NASL", "ORACLELINUX_ELSA-2021-9306.NASL", "ORACLELINUX_ELSA-2021-9307.NASL", "ORACLELINUX_ELSA-2021-9344.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "ORACLELINUX_ELSA-2022-9244.NASL", "ORACLELINUX_ELSA-2022-9245.NASL", "ORACLELINUX_ELSA-2022-9273.NASL", "ORACLELINUX_ELSA-2022-9274.NASL", "ORACLELINUX_ELSA-2022-9313.NASL", "ORACLELINUX_ELSA-2022-9314.NASL", "ORACLELINUX_ELSA-2023-0399.NASL", "ORACLEVM_OVMSA-2018-0004.NASL", "ORACLEVM_OVMSA-2018-0005.NASL", "ORACLEVM_OVMSA-2018-0006.NASL", "ORACLEVM_OVMSA-2018-0007.NASL", "ORACLEVM_OVMSA-2018-0008.NASL", "ORACLEVM_OVMSA-2018-0010.NASL", "ORACLEVM_OVMSA-2018-0011.NASL", "ORACLEVM_OVMSA-2018-0012.NASL", "ORACLEVM_OVMSA-2018-0013.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0016.NASL", "ORACLEVM_OVMSA-2018-0017.NASL", "ORACLEVM_OVMSA-2018-0020.NASL", "ORACLEVM_OVMSA-2018-0021.NASL", "ORACLEVM_OVMSA-2018-0028.NASL", "ORACLEVM_OVMSA-2018-0029.NASL", "ORACLEVM_OVMSA-2018-0035.NASL", "ORACLEVM_OVMSA-2018-0041.NASL", "ORACLEVM_OVMSA-2018-0218.NASL", "ORACLEVM_OVMSA-2018-0224.NASL", "ORACLEVM_OVMSA-2018-0238.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2019-0035.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2020-0026.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLEVM_OVMSA-2020-0052.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "ORACLEVM_OVMSA-2021-0003.NASL", "ORACLEVM_OVMSA-2021-0005.NASL", "ORACLEVM_OVMSA-2021-0008.NASL", "ORACLEVM_OVMSA-2021-0012.NASL", "ORACLE_BPM_CPU_OCT_2020.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_APR_2021.NASL", "ORACLE_JAVA_CPU_APR_2021.NASL", "ORACLE_JAVA_CPU_APR_2021_UNIX.NASL", "ORACLE_RDBMS_CPU_APR_2021.NASL", "ORACLE_RDBMS_CPU_JAN_2021.NASL", "ORACLE_RDBMS_CPU_JAN_2023.NASL", "ORACLE_RDBMS_CPU_JAN_2023_WIN.NASL", "ORACLE_RDBMS_CPU_JUL_2021.NASL", "ORACLE_RDBMS_CPU_OCT_2021.NASL", "ORACLE_RDBMS_CPU_OCT_2022.NASL", "PFSENSE_SA-18_03.NASL", "PHOTONOS_PHSA-2018-1_0-0097.NASL", "PHOTONOS_PHSA-2018-1_0-0097_LINUX.NASL", "PHOTONOS_PHSA-2018-1_0-0098.NASL", "PHOTONOS_PHSA-2018-1_0-0098_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0010.NASL", "PHOTONOS_PHSA-2018-2_0-0010_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0011.NASL", "PHOTONOS_PHSA-2018-2_0-0011_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0298_APACHE.NASL", "PHOTONOS_PHSA-2020-1_0-0300_GLIBC.NASL", "PHOTONOS_PHSA-2020-1_0-0301_PERL.NASL", "PHOTONOS_PHSA-2020-1_0-0302_PERL.NASL", "PHOTONOS_PHSA-2020-1_0-0318_NET.NASL", "PHOTONOS_PHSA-2020-1_0-0328_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0338_LINUX.NASL", "PHOTONOS_PHSA-2020-1_0-0350_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0242_GLIBC.NASL", "PHOTONOS_PHSA-2020-2_0-0248_APACHE.NASL", "PHOTONOS_PHSA-2020-2_0-0254_PERL.NASL", "PHOTONOS_PHSA-2020-2_0-0279_NET.NASL", "PHOTONOS_PHSA-2020-2_0-0286_LINUX.NASL", "PHOTONOS_PHSA-2020-2_0-0295_LINUX.NASL", "PHOTONOS_PHSA-2020-3_0-0100_APACHE.NASL", "PHOTONOS_PHSA-2020-3_0-0104_PERL.NASL", "PHOTONOS_PHSA-2020-3_0-0138_NET.NASL", "PHOTONOS_PHSA-2020-3_0-0144_LINUX.NASL", "PHOTONOS_PHSA-2021-1_0-0353_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0354_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0358_SUDO.NASL", "PHOTONOS_PHSA-2021-1_0-0370_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-1_0-0372_APACHE.NASL", "PHOTONOS_PHSA-2021-1_0-0375_LINUX.NASL", "PHOTONOS_PHSA-2021-1_0-0383_NETTLE.NASL", "PHOTONOS_PHSA-2021-1_0-0391_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0308_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0314_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0315_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0315_SUDO.NASL", "PHOTONOS_PHSA-2021-2_0-0328_APACHE.NASL", "PHOTONOS_PHSA-2021-2_0-0328_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0332_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0339_NETTLE.NASL", "PHOTONOS_PHSA-2021-2_0-0348_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-3_0-0182_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0185_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0188_SUDO.NASL", "PHOTONOS_PHSA-2021-3_0-0189_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0207_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-3_0-0208_APACHE.NASL", "PHOTONOS_PHSA-2021-3_0-0210_LINUX.NASL", "PHOTONOS_PHSA-2021-3_0-0223_NETTLE.NASL", "PHOTONOS_PHSA-2021-3_0-0240_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-4_0-0005_GLIBC.NASL", "PHOTONOS_PHSA-2021-4_0-0006_PERL.NASL", "PHOTONOS_PHSA-2021-4_0-0007_APACHE.NASL", "PHOTONOS_PHSA-2021-4_0-0007_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0012_NETTLE.NASL", "PHOTONOS_PHSA-2021-4_0-0039_BINDUTILS.NASL", "RANCHEROS_1_1_3.NASL", "RANCHEROS_1_1_4.NASL", "RANCHEROS_1_4_0.NASL", "REDHAT-RHSA-2018-0007.NASL", "REDHAT-RHSA-2018-0008.NASL", "REDHAT-RHSA-2018-0009.NASL", "REDHAT-RHSA-2018-0010.NASL", "REDHAT-RHSA-2018-0011.NASL", "REDHAT-RHSA-2018-0012.NASL", "REDHAT-RHSA-2018-0013.NASL", "REDHAT-RHSA-2018-0014.NASL", "REDHAT-RHSA-2018-0015.NASL", "REDHAT-RHSA-2018-0016.NASL", "REDHAT-RHSA-2018-0017.NASL", "REDHAT-RHSA-2018-0018.NASL", "REDHAT-RHSA-2018-0020.NASL", "REDHAT-RHSA-2018-0021.NASL", "REDHAT-RHSA-2018-0022.NASL", "REDHAT-RHSA-2018-0023.NASL", "REDHAT-RHSA-2018-0024.NASL", "REDHAT-RHSA-2018-0025.NASL", "REDHAT-RHSA-2018-0026.NASL", "REDHAT-RHSA-2018-0027.NASL", "REDHAT-RHSA-2018-0028.NASL", "REDHAT-RHSA-2018-0029.NASL", "REDHAT-RHSA-2018-0030.NASL", "REDHAT-RHSA-2018-0031.NASL", "REDHAT-RHSA-2018-0032.NASL", "REDHAT-RHSA-2018-0034.NASL", "REDHAT-RHSA-2018-0035.NASL", "REDHAT-RHSA-2018-0036.NASL", "REDHAT-RHSA-2018-0037.NASL", "REDHAT-RHSA-2018-0038.NASL", "REDHAT-RHSA-2018-0039.NASL", "REDHAT-RHSA-2018-0040.NASL", "REDHAT-RHSA-2018-0044.NASL", "REDHAT-RHSA-2018-0045.NASL", "REDHAT-RHSA-2018-0046.NASL", "REDHAT-RHSA-2018-0047.NASL", "REDHAT-RHSA-2018-0048.NASL", "REDHAT-RHSA-2018-0050.NASL", "REDHAT-RHSA-2018-0051.NASL", "REDHAT-RHSA-2018-0052.NASL", "REDHAT-RHSA-2018-0053.NASL", "REDHAT-RHSA-2018-0093.NASL", "REDHAT-RHSA-2018-0094.NASL", "REDHAT-RHSA-2018-0103.NASL", "REDHAT-RHSA-2018-0104.NASL", "REDHAT-RHSA-2018-0105.NASL", "REDHAT-RHSA-2018-0106.NASL", "REDHAT-RHSA-2018-0107.NASL", "REDHAT-RHSA-2018-0108.NASL", "REDHAT-RHSA-2018-0109.NASL", "REDHAT-RHSA-2018-0110.NASL", "REDHAT-RHSA-2018-0111.NASL", "REDHAT-RHSA-2018-0112.NASL", "REDHAT-RHSA-2018-0151.NASL", "REDHAT-RHSA-2018-0182.NASL", "REDHAT-RHSA-2018-0292.NASL", "REDHAT-RHSA-2018-0496.NASL", "REDHAT-RHSA-2018-0512.NASL", "REDHAT-RHSA-2018-0654.NASL", "REDHAT-RHSA-2018-1062.NASL", "REDHAT-RHSA-2018-1129.NASL", "REDHAT-RHSA-2018-1216.NASL", "REDHAT-RHSA-2018-1319.NASL", "REDHAT-RHSA-2018-1346.NASL", "REDHAT-RHSA-2018-1349.NASL", "REDHAT-RHSA-2018-1350.NASL", "REDHAT-RHSA-2018-1351.NASL", "REDHAT-RHSA-2018-1374.NASL", "REDHAT-RHSA-2018-1967.NASL", "REDHAT-RHSA-2020-1567.NASL", "REDHAT-RHSA-2020-1769.NASL", "REDHAT-RHSA-2020-2483.NASL", "REDHAT-RHSA-2020-2506.NASL", "REDHAT-RHSA-2020-2529.NASL", "REDHAT-RHSA-2020-2530.NASL", "REDHAT-RHSA-2020-4444.NASL", "REDHAT-RHSA-2020-5129.NASL", "REDHAT-RHSA-2020-5201.NASL", "REDHAT-RHSA-2020-5350.NASL", "REDHAT-RHSA-2020-5372.NASL", "REDHAT-RHSA-2020-5420.NASL", "REDHAT-RHSA-2020-5480.NASL", "REDHAT-RHSA-2021-0003.NASL", "REDHAT-RHSA-2021-0004.NASL", "REDHAT-RHSA-2021-0184.NASL", "REDHAT-RHSA-2021-0189.NASL", "REDHAT-RHSA-2021-0218.NASL", "REDHAT-RHSA-2021-0219.NASL", "REDHAT-RHSA-2021-0220.NASL", "REDHAT-RHSA-2021-0221.NASL", "REDHAT-RHSA-2021-0222.NASL", "REDHAT-RHSA-2021-0223.NASL", "REDHAT-RHSA-2021-0224.NASL", "REDHAT-RHSA-2021-0225.NASL", "REDHAT-RHSA-2021-0226.NASL", "REDHAT-RHSA-2021-0227.NASL", "REDHAT-RHSA-2021-0257.NASL", "REDHAT-RHSA-2021-0336.NASL", "REDHAT-RHSA-2021-0338.NASL", "REDHAT-RHSA-2021-0343.NASL", "REDHAT-RHSA-2021-0348.NASL", "REDHAT-RHSA-2021-0354.NASL", "REDHAT-RHSA-2021-0358.NASL", "REDHAT-RHSA-2021-0395.NASL", "REDHAT-RHSA-2021-0401.NASL", "REDHAT-RHSA-2021-0525.NASL", "REDHAT-RHSA-2021-0537.NASL", "REDHAT-RHSA-2021-0557.NASL", "REDHAT-RHSA-2021-0558.NASL", "REDHAT-RHSA-2021-0669.NASL", "REDHAT-RHSA-2021-0670.NASL", "REDHAT-RHSA-2021-0671.NASL", "REDHAT-RHSA-2021-0672.NASL", "REDHAT-RHSA-2021-0686.NASL", "REDHAT-RHSA-2021-0689.NASL", "REDHAT-RHSA-2021-0691.NASL", "REDHAT-RHSA-2021-0692.NASL", "REDHAT-RHSA-2021-0693.NASL", "REDHAT-RHSA-2021-0694.NASL", "REDHAT-RHSA-2021-0727.NASL", "REDHAT-RHSA-2021-0742.NASL", "REDHAT-RHSA-2021-0763.NASL", "REDHAT-RHSA-2021-0765.NASL", "REDHAT-RHSA-2021-0774.NASL", "REDHAT-RHSA-2021-0848.NASL", "REDHAT-RHSA-2021-0856.NASL", "REDHAT-RHSA-2021-0857.NASL", "REDHAT-RHSA-2021-0862.NASL", "REDHAT-RHSA-2021-0878.NASL", "REDHAT-RHSA-2021-0883.NASL", "REDHAT-RHSA-2021-0922.NASL", "REDHAT-RHSA-2021-0940.NASL", "REDHAT-RHSA-2021-1028.NASL", "REDHAT-RHSA-2021-1031.NASL", "REDHAT-RHSA-2021-1032.NASL", "REDHAT-RHSA-2021-1069.NASL", "REDHAT-RHSA-2021-1070.NASL", "REDHAT-RHSA-2021-1071.NASL", "REDHAT-RHSA-2021-1081.NASL", "REDHAT-RHSA-2021-1093.NASL", "REDHAT-RHSA-2021-1145.NASL", "REDHAT-RHSA-2021-1171.NASL", "REDHAT-RHSA-2021-1173.NASL", "REDHAT-RHSA-2021-1206.NASL", "REDHAT-RHSA-2021-1245.NASL", "REDHAT-RHSA-2021-1246.NASL", "REDHAT-RHSA-2021-1266.NASL", "REDHAT-RHSA-2021-1267.NASL", "REDHAT-RHSA-2021-1272.NASL", "REDHAT-RHSA-2021-1279.NASL", "REDHAT-RHSA-2021-1288.NASL", "REDHAT-RHSA-2021-1289.NASL", "REDHAT-RHSA-2021-1295.NASL", "REDHAT-RHSA-2021-1297.NASL", "REDHAT-RHSA-2021-1298.NASL", "REDHAT-RHSA-2021-1299.NASL", "REDHAT-RHSA-2021-1301.NASL", "REDHAT-RHSA-2021-1305.NASL", "REDHAT-RHSA-2021-1306.NASL", "REDHAT-RHSA-2021-1307.NASL", "REDHAT-RHSA-2021-1315.NASL", "REDHAT-RHSA-2021-1373.NASL", "REDHAT-RHSA-2021-1376.NASL", "REDHAT-RHSA-2021-1377.NASL", "REDHAT-RHSA-2021-1379.NASL", "REDHAT-RHSA-2021-1468.NASL", "REDHAT-RHSA-2021-1469.NASL", "REDHAT-RHSA-2021-1475.NASL", "REDHAT-RHSA-2021-1476.NASL", "REDHAT-RHSA-2021-1477.NASL", "REDHAT-RHSA-2021-1478.NASL", "REDHAT-RHSA-2021-1479.NASL", "REDHAT-RHSA-2021-1531.NASL", "REDHAT-RHSA-2021-1532.NASL", "REDHAT-RHSA-2021-1585.NASL", "REDHAT-RHSA-2021-1678.NASL", "REDHAT-RHSA-2021-1989.NASL", "REDHAT-RHSA-2021-2024.NASL", "REDHAT-RHSA-2021-2028.NASL", "REDHAT-RHSA-2021-2099.NASL", "REDHAT-RHSA-2021-2106.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2167.NASL", "REDHAT-RHSA-2021-2184.NASL", "REDHAT-RHSA-2021-2185.NASL", "REDHAT-RHSA-2021-2190.NASL", "REDHAT-RHSA-2021-2280.NASL", "REDHAT-RHSA-2021-2355.NASL", "REDHAT-RHSA-2021-2356.NASL", "REDHAT-RHSA-2021-2523.NASL", "REDHAT-RHSA-2021-2561.NASL", "REDHAT-RHSA-2021-2732.NASL", "REDHAT-RHSA-2021-2758.NASL", "REDHAT-RHSA-2021-2760.NASL", "REDHAT-RHSA-2021-2792.NASL", "REDHAT-RHSA-2021-2813.NASL", "REDHAT-RHSA-2021-2998.NASL", "REDHAT-RHSA-2021-3315.NASL", "REDHAT-RHSA-2021-4140.NASL", "REDHAT-RHSA-2021-4356.NASL", "REDHAT-RHSA-2022-1074.NASL", "REDHAT-RHSA-2022-1975.NASL", "REDHAT-RHSA-2022-1988.NASL", "REDHAT-RHSA-2022-6735.NASL", "REDHAT-RHSA-2022-6755.NASL", "REDHAT-RHSA-2022-6756.NASL", "REDHAT-RHSA-2023-0187.NASL", "REDHAT-RHSA-2023-0399.NASL", "REDHAT-RHSA-2023-0400.NASL", "ROCKY_LINUX_RLSA-2021-1989.NASL", "SLACKWARE_SSA_2018-016-01.NASL", "SLACKWARE_SSA_2018-037-01.NASL", "SLACKWARE_SSA_2018-057-01.NASL", "SLACKWARE_SSA_2020-295-01.NASL", "SLACKWARE_SSA_2021-026-01.NASL", "SLACKWARE_SSA_2021-072-01.NASL", "SLACKWARE_SSA_2021-118-01.NASL", "SLACKWARE_SSA_2021-145-01.NASL", "SL_20180103_KERNEL_ON_SL6_X.NASL", "SL_20180103_KERNEL_ON_SL7_X.NASL", "SL_20180103_MICROCODE_CTL_ON_SL6_X.NASL", "SL_20180103_MICROCODE_CTL_ON_SL7_X.NASL", "SL_20180104_LIBVIRT_ON_SL6_X.NASL", "SL_20180104_LIBVIRT_ON_SL7_X.NASL", "SL_20180104_LINUX_FIRMWARE_ON_SL7_X.NASL", "SL_20180104_QEMU_KVM_ON_SL6_X.NASL", "SL_20180104_QEMU_KVM_ON_SL7_X.NASL", "SL_20180116_LINUX_FIRMWARE_ON_SL7_X.NASL", "SL_20180116_MICROCODE_CTL_ON_SL6_X.NASL", "SL_20180125_KERNEL_ON_SL7_X.NASL", "SL_20180313_KERNEL_ON_SL6_X.NASL", "SL_20180410_KERNEL_ON_SL7_X.NASL", "SL_20180508_KERNEL_ON_SL6_X.NASL", "SL_20200611_TOMCAT6_ON_SL6_X.NASL", "SL_20200611_TOMCAT_ON_SL7_X.NASL", "SL_20201124_NET_SNMP_ON_SL6_X.NASL", "SL_20201207_NET_SNMP_ON_SL7_X.NASL", "SL_20210126_SUDO_ON_SL7_X.NASL", "SL_20210202_GLIBC_ON_SL7_X.NASL", "SL_20210202_KERNEL_ON_SL7_X.NASL", "SL_20210202_PERL_ON_SL7_X.NASL", "SL_20210301_BIND_ON_SL7_X.NASL", "SL_20210308_SCREEN_ON_SL7_X.NASL", "SL_20230124_KERNEL_ON_SL7_X.NASL", "SMB_ADV180002_MSSQL.NASL", "SMB_NT_MS18_APR_4093112.NASL", "SMB_NT_MS18_FEB_4074590.NASL", "SMB_NT_MS18_FEB_4074591.NASL", "SMB_NT_MS18_FEB_4074592.NASL", "SMB_NT_MS18_FEB_4074596.NASL", "SMB_NT_MS18_JAN_4056888.NASL", "SMB_NT_MS18_JAN_4056890.NASL", "SMB_NT_MS18_JAN_4056891.NASL", "SMB_NT_MS18_JAN_4056892.NASL", "SMB_NT_MS18_JAN_4056893.NASL", "SMB_NT_MS18_JAN_4056897.NASL", "SMB_NT_MS18_JAN_4056898.NASL", "SMB_NT_MS18_MAR_4088875.NASL", "SMB_NT_MS18_MAR_4088876.NASL", "SMB_NT_MS18_MAR_4088877.NASL", "SMB_NT_MS18_SEP_MICROCODE.NASL", "SMB_NT_MS19_JAN_MICROCODE.NASL", "SOLARIS_APR2018_SRU11_3_31_6_0.NASL", "SUSE_SU-2018-0006-1.NASL", "SUSE_SU-2018-0007-1.NASL", "SUSE_SU-2018-0009-1.NASL", "SUSE_SU-2018-0010-1.NASL", "SUSE_SU-2018-0011-1.NASL", "SUSE_SU-2018-0012-1.NASL", "SUSE_SU-2018-0019-1.NASL", "SUSE_SU-2018-0020-1.NASL", "SUSE_SU-2018-0031-1.NASL", "SUSE_SU-2018-0036-1.NASL", "SUSE_SU-2018-0039-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2018-0056-1.NASL", "SUSE_SU-2018-0067-1.NASL", "SUSE_SU-2018-0068-1.NASL", "SUSE_SU-2018-0069-1.NASL", "SUSE_SU-2018-0113-1.NASL", "SUSE_SU-2018-0114-1.NASL", "SUSE_SU-2018-0115-1.NASL", "SUSE_SU-2018-0131-1.NASL", "SUSE_SU-2018-0171-1.NASL", "SUSE_SU-2018-0179-1.NASL", "SUSE_SU-2018-0191-1.NASL", "SUSE_SU-2018-0219-1.NASL", "SUSE_SU-2018-0383-1.NASL", "SUSE_SU-2018-0416-1.NASL", "SUSE_SU-2018-0437-1.NASL", "SUSE_SU-2018-0438-1.NASL", "SUSE_SU-2018-0472-1.NASL", "SUSE_SU-2018-0525-1.NASL", "SUSE_SU-2018-0555-1.NASL", "SUSE_SU-2018-0601-1.NASL", "SUSE_SU-2018-0609-1.NASL", "SUSE_SU-2018-0638-1.NASL", "SUSE_SU-2018-0660-1.NASL", "SUSE_SU-2018-0678-1.NASL", "SUSE_SU-2018-0705-1.NASL", "SUSE_SU-2018-0708-1.NASL", "SUSE_SU-2018-0757-1.NASL", "SUSE_SU-2018-0762-1.NASL", "SUSE_SU-2018-0831-1.NASL", "SUSE_SU-2018-0838-1.NASL", "SUSE_SU-2018-0861-1.NASL", "SUSE_SU-2018-0909-1.NASL", "SUSE_SU-2018-0920-1.NASL", "SUSE_SU-2018-1077-1.NASL", "SUSE_SU-2018-1080-1.NASL", "SUSE_SU-2018-1177-1.NASL", "SUSE_SU-2018-1181-1.NASL", "SUSE_SU-2018-1184-1.NASL", "SUSE_SU-2018-1202-1.NASL", "SUSE_SU-2018-1203-1.NASL", "SUSE_SU-2018-1216-1.NASL", "SUSE_SU-2018-1295-1.NASL", "SUSE_SU-2018-1308-1.NASL", "SUSE_SU-2018-1363-1.NASL", "SUSE_SU-2018-1368-1.NASL", "SUSE_SU-2018-1376-1.NASL", "SUSE_SU-2018-1386-1.NASL", "SUSE_SU-2018-1498-1.NASL", "SUSE_SU-2018-1503-1.NASL", "SUSE_SU-2018-1603-1.NASL", "SUSE_SU-2018-1658-1.NASL", "SUSE_SU-2018-1699-1.NASL", "SUSE_SU-2018-1699-2.NASL", "SUSE_SU-2018-1759-1.NASL", "SUSE_SU-2018-1784-1.NASL", "SUSE_SU-2018-2082-1.NASL", "SUSE_SU-2018-2092-1.NASL", "SUSE_SU-2018-2141-1.NASL", "SUSE_SU-2018-2528-1.NASL", "SUSE_SU-2018-2631-1.NASL", "SUSE_SU-2018-2631-2.NASL", "SUSE_SU-2018-3230-1.NASL", "SUSE_SU-2019-0222-1.NASL", "SUSE_SU-2019-0765-1.NASL", "SUSE_SU-2019-13999-1.NASL", "SUSE_SU-2019-1550-1.NASL", "SUSE_SU-2019-2430-1.NASL", "SUSE_SU-2019-3316-1.NASL", "SUSE_SU-2019-3379-1.NASL", "SUSE_SU-2019-3381-1.NASL", "SUSE_SU-2019-3389-1.NASL", "SUSE_SU-2020-0093-1.NASL", "SUSE_SU-2020-0558-1.NASL", "SUSE_SU-2020-0559-1.NASL", "SUSE_SU-2020-0560-1.NASL", "SUSE_SU-2020-0580-1.NASL", "SUSE_SU-2020-0584-1.NASL", "SUSE_SU-2020-0613-1.NASL", "SUSE_SU-2020-0668-1.NASL", "SUSE_SU-2020-0832-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-14354-1.NASL", "SUSE_SU-2020-14375-1.NASL", "SUSE_SU-2020-1662-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-1682-1.NASL", "SUSE_SU-2020-1682-2.NASL", "SUSE_SU-2020-2879-1.NASL", "SUSE_SU-2020-2904-1.NASL", "SUSE_SU-2020-2905-1.NASL", "SUSE_SU-2020-2907-1.NASL", "SUSE_SU-2020-2972-1.NASL", "SUSE_SU-2020-2980-1.NASL", "SUSE_SU-2020-2981-1.NASL", "SUSE_SU-2020-3014-1.NASL", "SUSE_SU-2020-3024-1.NASL", "SUSE_SU-2020-3122-1.NASL", "SUSE_SU-2020-3230-1.NASL", "SUSE_SU-2020-3272-1.NASL", "SUSE_SU-2020-3273-1.NASL", "SUSE_SU-2020-3281-1.NASL", "SUSE_SU-2020-3326-1.NASL", "SUSE_SU-2020-3433-1.NASL", "SUSE_SU-2020-3501-1.NASL", "SUSE_SU-2020-3503-1.NASL", "SUSE_SU-2020-3507-1.NASL", "SUSE_SU-2020-3513-1.NASL", "SUSE_SU-2020-3522-1.NASL", "SUSE_SU-2020-3532-1.NASL", "SUSE_SU-2020-3544-1.NASL", "SUSE_SU-2020-3648-1.NASL", "SUSE_SU-2020-3651-1.NASL", "SUSE_SU-2020-3656-1.NASL", "SUSE_SU-2020-3717-1.NASL", "SUSE_SU-2020-3718-1.NASL", "SUSE_SU-2020-3748-1.NASL", "SUSE_SU-2020-3764-1.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0093-1.NASL", "SUSE_SU-2021-0095-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0108-1.NASL", "SUSE_SU-2021-0117-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0225-1.NASL", "SUSE_SU-2021-0226-1.NASL", "SUSE_SU-2021-0227-1.NASL", "SUSE_SU-2021-0232-1.NASL", "SUSE_SU-2021-0348-1.NASL", "SUSE_SU-2021-0353-1.NASL", "SUSE_SU-2021-0354-1.NASL", "SUSE_SU-2021-0408-1.NASL", "SUSE_SU-2021-0427-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-0491-1.NASL", "SUSE_SU-2021-0492-1.NASL", "SUSE_SU-2021-0503-1.NASL", "SUSE_SU-2021-0504-1.NASL", "SUSE_SU-2021-0507-1.NASL", "SUSE_SU-2021-0608-1.NASL", "SUSE_SU-2021-0653-1.NASL", "SUSE_SU-2021-0743-1.NASL", "SUSE_SU-2021-0744-1.NASL", "SUSE_SU-2021-0835-1.NASL", "SUSE_SU-2021-0870-1.NASL", "SUSE_SU-2021-0928-1.NASL", "SUSE_SU-2021-1074-1.NASL", "SUSE_SU-2021-1075-1.NASL", "SUSE_SU-2021-1165-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-1267-1.NASL", "SUSE_SU-2021-1273-1.NASL", "SUSE_SU-2021-1274-1.NASL", "SUSE_SU-2021-1275-1.NASL", "SUSE_SU-2021-1314-1.NASL", "SUSE_SU-2021-1399-1.NASL", "SUSE_SU-2021-1412-1.NASL", "SUSE_SU-2021-14630-1.NASL", "SUSE_SU-2021-14632-1.NASL", "SUSE_SU-2021-1468-1.NASL", "SUSE_SU-2021-1469-1.NASL", "SUSE_SU-2021-14705-1.NASL", "SUSE_SU-2021-1471-1.NASL", "SUSE_SU-2021-14714-1.NASL", "SUSE_SU-2021-14724-1.NASL", "SUSE_SU-2021-14849-1.NASL", "SUSE_SU-2021-1554-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1617-1.NASL", "SUSE_SU-2021-1623-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1826-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL", "SUSE_SU-2021-1980-1.NASL", "SUSE_SU-2021-1989-1.NASL", "SUSE_SU-2021-2577-1.NASL", "SUSE_SU-2021-2797-1.NASL", "SUSE_SU-2021-2798-1.NASL", "SUSE_SU-2021-2861-1.NASL", "SUSE_SU-2021-2862-1.NASL", "SUSE_SU-2021-3007-1.NASL", "SUSE_SU-2021-3929-1.NASL", "SUSE_SU-2021-3935-1.NASL", "SUSE_SU-2021-4191-1.NASL", "SUSE_SU-2022-0030-1.NASL", "SUSE_SU-2022-0050-1.NASL", "SUSE_SU-2022-0050-2.NASL", "SUSE_SU-2022-0107-1.NASL", "SUSE_SU-2022-0108-1.NASL", "SUSE_SU-2022-0166-1.NASL", "SUSE_SU-2022-0694-1.NASL", "SUSE_SU-2022-0695-1.NASL", "SUSE_SU-2022-0784-1.NASL", "SUSE_SU-2022-0818-1.NASL", "SUSE_SU-2022-0931-1.NASL", "SUSE_SU-2022-0939-1.NASL", "SUSE_SU-2022-0940-1.NASL", "SUSE_SU-2022-1285-1.NASL", "SUSE_SU-2022-1300-1.NASL", "SUSE_SU-2022-1359-1.NASL", "SUSE_SU-2022-1375-1.NASL", "SUSE_SU-2022-1408-1.NASL", "SUSE_SU-2022-14875-1.NASL", "SUSE_SU-2022-14876-1.NASL", "SUSE_SU-2022-2886-1.NASL", "SUSE_SU-2023-0634-1.NASL", "SUSE_SU-2023-1800-1.NASL", "SUSE_SU-2023-1801-1.NASL", "SUSE_SU-2023-1802-1.NASL", "SUSE_SU-2023-1803-1.NASL", "SUSE_SU-2023-1811-1.NASL", "SUSE_SU-2023-1848-1.NASL", "SUSE_SU-2023-1894-1.NASL", "SUSE_SU-2023-1897-1.NASL", "SUSE_SU-2023-1992-1.NASL", "TOMCAT_10_0_0_M5.NASL", "TOMCAT_10_0_16.NASL", "TOMCAT_10_0_2.NASL", "TOMCAT_10_1_0_M10.NASL", "TOMCAT_7_0_104.NASL", "TOMCAT_7_0_108.NASL", "TOMCAT_8_5_55.NASL", "TOMCAT_8_5_63.NASL", "TOMCAT_8_5_75.NASL", "TOMCAT_9_0_35.NASL", "TOMCAT_9_0_43.NASL", "TOMCAT_9_0_58.NASL", "UBUNTU_USN-3516-1.NASL", "UBUNTU_USN-3521-1.NASL", "UBUNTU_USN-3522-1.NASL", "UBUNTU_USN-3522-2.NASL", "UBUNTU_USN-3522-3.NASL", "UBUNTU_USN-3522-4.NASL", "UBUNTU_USN-3523-1.NASL", "UBUNTU_USN-3523-2.NASL", "UBUNTU_USN-3524-1.NASL", "UBUNTU_USN-3530-1.NASL", "UBUNTU_USN-3531-1.NASL", "UBUNTU_USN-3531-2.NASL", "UBUNTU_USN-3531-3.NASL", "UBUNTU_USN-3540-1.NASL", "UBUNTU_USN-3540-2.NASL", "UBUNTU_USN-3541-1.NASL", "UBUNTU_USN-3541-2.NASL", "UBUNTU_USN-3542-1.NASL", "UBUNTU_USN-3549-1.NASL", "UBUNTU_USN-3560-1.NASL", "UBUNTU_USN-3561-1.NASL", "UBUNTU_USN-3581-1.NASL", "UBUNTU_USN-3581-2.NASL", "UBUNTU_USN-3582-1.NASL", "UBUNTU_USN-3582-2.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-3594-1.NASL", "UBUNTU_USN-3597-1.NASL", "UBUNTU_USN-3597-2.NASL", "UBUNTU_USN-3690-1.NASL", "UBUNTU_USN-3690-2.NASL", "UBUNTU_USN-3777-3.NASL", "UBUNTU_USN-4226-1.NASL", "UBUNTU_USN-4255-1.NASL", "UBUNTU_USN-4255-2.NASL", "UBUNTU_USN-4285-1.NASL", "UBUNTU_USN-4287-1.NASL", "UBUNTU_USN-4416-1.NASL", "UBUNTU_USN-4448-1.NASL", "UBUNTU_USN-4471-1.NASL", "UBUNTU_USN-4471-2.NASL", "UBUNTU_USN-4596-1.NASL", "UBUNTU_USN-4602-1.NASL", "UBUNTU_USN-4657-1.NASL", "UBUNTU_USN-4658-1.NASL", "UBUNTU_USN-4659-1.NASL", "UBUNTU_USN-4660-1.NASL", "UBUNTU_USN-4679-1.NASL", "UBUNTU_USN-4680-1.NASL", "UBUNTU_USN-4681-1.NASL", "UBUNTU_USN-4694-1.NASL", "UBUNTU_USN-4705-1.NASL", "UBUNTU_USN-4707-1.NASL", "UBUNTU_USN-4709-1.NASL", "UBUNTU_USN-4711-1.NASL", "UBUNTU_USN-4713-1.NASL", "UBUNTU_USN-4713-2.NASL", "UBUNTU_USN-4737-1.NASL", "UBUNTU_USN-4747-1.NASL", "UBUNTU_USN-4748-1.NASL", "UBUNTU_USN-4749-1.NASL", "UBUNTU_USN-4750-1.NASL", "UBUNTU_USN-4751-1.NASL", "UBUNTU_USN-4752-1.NASL", "UBUNTU_USN-4753-1.NASL", "UBUNTU_USN-4883-1.NASL", "UBUNTU_USN-4887-1.NASL", "UBUNTU_USN-4892-1.NASL", "UBUNTU_USN-4906-1.NASL", "UBUNTU_USN-4912-1.NASL", "UBUNTU_USN-4929-1.NASL", "UBUNTU_USN-5310-1.NASL", "UBUNTU_USN-5360-1.NASL", "UBUNTU_USN-5415-1.NASL", "UBUNTU_USN-5417-1.NASL", "UBUNTU_USN-5418-1.NASL", "UBUNTU_USN-5768-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6014-1.NASL", "VIRTUALBOX_5_2_6.NASL", "VIRTUOZZO_VZA-2018-002.NASL", "VIRTUOZZO_VZA-2018-003.NASL", "VIRTUOZZO_VZA-2018-006.NASL", "VIRTUOZZO_VZA-2018-029.NASL", "VMWARE_ESXI_VMSA-2017-0021.NASL", "VMWARE_ESXI_VMSA-2018-0004.NASL", "VMWARE_PLAYER_WIN_VMSA_2017_0021.NASL", "VMWARE_PLAYER_WIN_VMSA_2018_0004.NASL", "VMWARE_VCENTER_VMSA-2018-0004.NASL", "VMWARE_VCENTER_VMSA-2018-0007.NASL", "VMWARE_VMSA-2018-0002.NASL", "VMWARE_VMSA-2018-0004.NASL", "VMWARE_WORKSTATION_WIN_VMSA_2017_0021.NASL", "VMWARE_WORKSTATION_WIN_VMSA_2018_0004.NASL", "WEB_APPLICATION_SCANNING_112426", "WEB_APPLICATION_SCANNING_112427", "WEB_APPLICATION_SCANNING_112428", "WEB_APPLICATION_SCANNING_112429", "WEB_APPLICATION_SCANNING_112709", "WEB_APPLICATION_SCANNING_112710", "WEB_APPLICATION_SCANNING_112711", "WEB_APPLICATION_SCANNING_112712", "XEN_SERVER_XSA-254.NASL"]}, {"type": "nvidia", "idList": ["NVIDIA:4609", "NVIDIA:4610", "NVIDIA:4611", "NVIDIA:4613", "NVIDIA:4614", "NVIDIA:4616", "NVIDIA:4617", "NVIDIA:4704"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107830", "OPENVAS:1361412562310108766", "OPENVAS:1361412562310108767", "OPENVAS:1361412562310143963", "OPENVAS:1361412562310143964", "OPENVAS:1361412562310144174", "OPENVAS:1361412562310704078", "OPENVAS:1361412562310704082", "OPENVAS:1361412562310704120", "OPENVAS:1361412562310704179", "OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310704213", "OPENVAS:1361412562310704469", "OPENVAS:1361412562310704710", "OPENVAS:1361412562310704727", "OPENVAS:1361412562310812284", "OPENVAS:1361412562310812289", "OPENVAS:1361412562310812290", "OPENVAS:1361412562310812291", "OPENVAS:1361412562310812292", "OPENVAS:1361412562310812293", "OPENVAS:1361412562310812294", "OPENVAS:1361412562310812295", "OPENVAS:1361412562310812296", "OPENVAS:1361412562310812384", "OPENVAS:1361412562310812386", "OPENVAS:1361412562310812397", "OPENVAS:1361412562310812398", "OPENVAS:1361412562310812399", "OPENVAS:1361412562310812400", "OPENVAS:1361412562310812600", "OPENVAS:1361412562310812601", "OPENVAS:1361412562310812602", "OPENVAS:1361412562310812603", "OPENVAS:1361412562310812604", "OPENVAS:1361412562310812605", "OPENVAS:1361412562310812629", "OPENVAS:1361412562310812641", "OPENVAS:1361412562310812642", "OPENVAS:1361412562310812643", "OPENVAS:1361412562310812662", "OPENVAS:1361412562310812678", "OPENVAS:1361412562310812740", "OPENVAS:1361412562310813652", "OPENVAS:1361412562310814014", "OPENVAS:1361412562310815020", "OPENVAS:1361412562310815033", "OPENVAS:1361412562310815034", "OPENVAS:1361412562310843405", "OPENVAS:1361412562310843409", "OPENVAS:1361412562310843410", "OPENVAS:1361412562310843411", "OPENVAS:1361412562310843412", "OPENVAS:1361412562310843413", "OPENVAS:1361412562310843414", "OPENVAS:1361412562310843415", "OPENVAS:1361412562310843418", "OPENVAS:1361412562310843419", "OPENVAS:1361412562310843420", "OPENVAS:1361412562310843423", "OPENVAS:1361412562310843424", "OPENVAS:1361412562310843426", "OPENVAS:1361412562310843427", "OPENVAS:1361412562310843428", "OPENVAS:1361412562310843429", "OPENVAS:1361412562310843436", "OPENVAS:1361412562310843442", "OPENVAS:1361412562310843443", "OPENVAS:1361412562310843455", "OPENVAS:1361412562310843457", "OPENVAS:1361412562310843458", "OPENVAS:1361412562310843459", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843472", "OPENVAS:1361412562310843473", "OPENVAS:1361412562310843474", "OPENVAS:1361412562310843567", "OPENVAS:1361412562310843581", "OPENVAS:1361412562310843664", "OPENVAS:1361412562310843781", "OPENVAS:1361412562310844283", "OPENVAS:1361412562310844312", "OPENVAS:1361412562310844318", "OPENVAS:1361412562310844341", "OPENVAS:1361412562310844347", "OPENVAS:1361412562310844490", "OPENVAS:1361412562310851673", "OPENVAS:1361412562310851674", "OPENVAS:1361412562310851676", "OPENVAS:1361412562310851677", "OPENVAS:1361412562310851678", "OPENVAS:1361412562310851680", "OPENVAS:1361412562310851681", "OPENVAS:1361412562310851686", "OPENVAS:1361412562310851693", "OPENVAS:1361412562310851698", "OPENVAS:1361412562310851704", "OPENVAS:1361412562310851716", "OPENVAS:1361412562310851722", "OPENVAS:1361412562310851724", "OPENVAS:1361412562310851730", "OPENVAS:1361412562310851742", "OPENVAS:1361412562310851776", "OPENVAS:1361412562310851782", "OPENVAS:1361412562310851869", "OPENVAS:1361412562310851978", "OPENVAS:1361412562310851987", "OPENVAS:1361412562310852050", "OPENVAS:1361412562310853070", "OPENVAS:1361412562310853179", "OPENVAS:1361412562310853226", "OPENVAS:1361412562310874007", "OPENVAS:1361412562310874035", "OPENVAS:1361412562310874779", "OPENVAS:1361412562310874871", "OPENVAS:1361412562310874988", "OPENVAS:1361412562310877643", "OPENVAS:1361412562310877670", "OPENVAS:1361412562310877684", "OPENVAS:1361412562310877942", "OPENVAS:1361412562310877967", "OPENVAS:1361412562310877986", "OPENVAS:1361412562310877995", "OPENVAS:1361412562310882820", "OPENVAS:1361412562310882821", "OPENVAS:1361412562310882822", "OPENVAS:1361412562310882823", "OPENVAS:1361412562310882824", "OPENVAS:1361412562310882827", "OPENVAS:1361412562310882828", "OPENVAS:1361412562310882829", "OPENVAS:1361412562310882836", "OPENVAS:1361412562310882855", "OPENVAS:1361412562310882875", "OPENVAS:1361412562310883252", "OPENVAS:1361412562310891232", "OPENVAS:1361412562310891349", "OPENVAS:1361412562310891369", "OPENVAS:1361412562310891422", "OPENVAS:1361412562310891497", "OPENVAS:1361412562310891506", "OPENVAS:1361412562310891731", "OPENVAS:1361412562310892068", "OPENVAS:1361412562310892114", "OPENVAS:1361412562310892148", "OPENVAS:1361412562310892209", "OPENVAS:1361412562310892217", "OPENVAS:1361412562310892279", "OPENVAS:1361412562310910000", "OPENVAS:1361412562310910001", "OPENVAS:1361412562311220181001", "OPENVAS:1361412562311220181002", "OPENVAS:1361412562311220181014", "OPENVAS:1361412562311220181015", "OPENVAS:1361412562311220181016", "OPENVAS:1361412562311220181017", "OPENVAS:1361412562311220181020", "OPENVAS:1361412562311220181021", "OPENVAS:1361412562311220181233", "OPENVAS:1361412562311220181236", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191514", "OPENVAS:1361412562311220191515", "OPENVAS:1361412562311220191539", "OPENVAS:1361412562311220191637", "OPENVAS:1361412562311220191638", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201012", "OPENVAS:1361412562311220201158", "OPENVAS:1361412562311220201288", "OPENVAS:1361412562311220201308", "OPENVAS:1361412562311220201369", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201599", "OPENVAS:1361412562311220201645", "OPENVAS:1361412562311220201667", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201712"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-2020-12-09-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0007", "ELSA-2018-0008", "ELSA-2018-0012", "ELSA-2018-0013", "ELSA-2018-0023", "ELSA-2018-0024", "ELSA-2018-0029", "ELSA-2018-0030", "ELSA-2018-0093", "ELSA-2018-0151", "ELSA-2018-0169", "ELSA-2018-0292", "ELSA-2018-0816", "ELSA-2018-1062", "ELSA-2018-1196-1", "ELSA-2018-1319", "ELSA-2018-1854", "ELSA-2018-2162", "ELSA-2018-4004", "ELSA-2018-4006", "ELSA-2018-4011", "ELSA-2018-4012", "ELSA-2018-4017", "ELSA-2018-4018", "ELSA-2018-4019", "ELSA-2018-4020", "ELSA-2018-4021", "ELSA-2018-4022", "ELSA-2018-4025", "ELSA-2018-4071", "ELSA-2018-4088", "ELSA-2018-4089", "ELSA-2018-4109", "ELSA-2018-4110", "ELSA-2018-4285", "ELSA-2018-4289", "ELSA-2019-4585", "ELSA-2019-4630", "ELSA-2019-4668", "ELSA-2019-4702", "ELSA-2019-4710", "ELSA-2019-4732", "ELSA-2019-4785", "ELSA-2020-2529", "ELSA-2020-2530", "ELSA-2020-4004", "ELSA-2020-4444", "ELSA-2020-5129", "ELSA-2020-5350", "ELSA-2020-5473", "ELSA-2020-5480", "ELSA-2020-5569", "ELSA-2020-5670", "ELSA-2020-5671", "ELSA-2020-5676", "ELSA-2020-5709", "ELSA-2020-5710", "ELSA-2020-5861", "ELSA-2020-5912", "ELSA-2020-5913", "ELSA-2020-5914", "ELSA-2020-5923", "ELSA-2020-5924", "ELSA-2020-5995", "ELSA-2020-5996", "ELSA-2021-0003", "ELSA-2021-0218", "ELSA-2021-0221", "ELSA-2021-0336", "ELSA-2021-0343", "ELSA-2021-0348", "ELSA-2021-0557", "ELSA-2021-0558", "ELSA-2021-0670", "ELSA-2021-0671", "ELSA-2021-0742", "ELSA-2021-0856", "ELSA-2021-1071", "ELSA-2021-1093", "ELSA-2021-1145", "ELSA-2021-1206", "ELSA-2021-1297", "ELSA-2021-1298", "ELSA-2021-1301", "ELSA-2021-1307", "ELSA-2021-1469", "ELSA-2021-1585", "ELSA-2021-1678", "ELSA-2021-1989", "ELSA-2021-4356", "ELSA-2021-9002", "ELSA-2021-9005", "ELSA-2021-9006", "ELSA-2021-9007", "ELSA-2021-9008", "ELSA-2021-9009", "ELSA-2021-9019", "ELSA-2021-9023", "ELSA-2021-9024", "ELSA-2021-9025", "ELSA-2021-9030", "ELSA-2021-9034", "ELSA-2021-9035", "ELSA-2021-9037", "ELSA-2021-9038", "ELSA-2021-9039", "ELSA-2021-9052", "ELSA-2021-9112", "ELSA-2021-9113", "ELSA-2021-9114", "ELSA-2021-9115", "ELSA-2021-9116", "ELSA-2021-9117", "ELSA-2021-9140", "ELSA-2021-9141", "ELSA-2021-9164", "ELSA-2021-9169", "ELSA-2021-9172", "ELSA-2021-9175", "ELSA-2021-9212", "ELSA-2021-9213", "ELSA-2021-9238", "ELSA-2021-9280", "ELSA-2021-9306", "ELSA-2021-9307", "ELSA-2021-9344"]}, {"type": "osv", "idList": ["OSV:ASB-A-174737742", "OSV:ASB-A-174737972", "OSV:ASB-A-175451802", "OSV:DLA-1232-1", "OSV:DLA-1349-1", "OSV:DLA-1362-1", "OSV:DLA-1369-1", "OSV:DLA-1422-1", "OSV:DLA-1422-2", "OSV:DLA-1423-1", "OSV:DLA-1497-1", "OSV:DLA-1731-1", "OSV:DLA-2068-1", "OSV:DLA-2114-1", "OSV:DLA-2148-1", "OSV:DLA-2209-1", "OSV:DLA-2217-1", "OSV:DLA-2279-1", "OSV:DLA-2299-1", "OSV:DLA-2313-1", "OSV:DLA-2323-1", "OSV:DLA-2417-1", "OSV:DLA-2420-1", "OSV:DLA-2483-1", "OSV:DLA-2494-1", "OSV:DLA-2534-1", "OSV:DLA-2557-1", "OSV:DLA-2568-1", "OSV:DLA-2570-1", "OSV:DLA-2586-1", "OSV:DLA-2594-1", "OSV:DLA-2610-1", "OSV:DLA-2634-1", "OSV:DLA-2647-1", "OSV:DLA-2743-1", "OSV:DLA-2760-1", "OSV:DLA-3152-1", "OSV:DLA-3160-1", "OSV:DSA-4078-1", "OSV:DSA-4082-1", "OSV:DSA-4120-1", "OSV:DSA-4120-2", "OSV:DSA-4179-1", "OSV:DSA-4187-1", "OSV:DSA-4188-1", "OSV:DSA-4201-1", "OSV:DSA-4213-1", "OSV:DSA-4469-1", "OSV:DSA-4710-1", "OSV:DSA-4727-1", "OSV:DSA-4746-1", "OSV:DSA-4774-1", "OSV:DSA-4839-1", "OSV:DSA-4843-1", "OSV:DSA-4857-1", "OSV:DSA-4861-1", "OSV:DSA-4891-1", "OSV:DSA-4899-1", "OSV:DSA-4909-1", "OSV:DSA-4933-1", "OSV:DSA-5265-1", "OSV:GHSA-344F-F5VG-2JFJ", "OSV:GHSA-9F3J-PM6F-9FM5", "OSV:GHSA-J39C-C8HJ-X4J3", "OSV:GHSA-JGWR-3QM3-26F3"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:145645", "PACKETSTORM:160681", "PACKETSTORM:161160", "PACKETSTORM:161230", "PACKETSTORM:161270", "PACKETSTORM:161293"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-3156", "PAN-SA-2018-0001", "PAN-SA-2018-0002"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-0011", "PHSA-2018-0097", "PHSA-2018-0098", "PHSA-2018-1.0-0097", "PHSA-2018-1.0-0098", "PHSA-2020-0052", "PHSA-2020-0093", "PHSA-2020-0100", "PHSA-2020-0104", "PHSA-2020-0138", "PHSA-2020-0144", "PHSA-2020-0147", "PHSA-2020-0153", "PHSA-2020-0160", "PHSA-2020-0174", "PHSA-2020-0242", "PHSA-2020-0248", "PHSA-2020-0254", "PHSA-2020-0298", "PHSA-2020-0300", "PHSA-2020-0301", "PHSA-2020-0302", "PHSA-2020-0309", "PHSA-2020-0318", "PHSA-2020-0328", "PHSA-2020-0338", "PHSA-2020-0345", "PHSA-2020-0350", "PHSA-2020-1.0-0298", "PHSA-2020-1.0-0300", "PHSA-2020-1.0-0301", "PHSA-2020-1.0-0302", "PHSA-2020-1.0-0309", "PHSA-2020-1.0-0318", "PHSA-2020-1.0-0328", "PHSA-2020-1.0-0338", "PHSA-2020-1.0-0350", "PHSA-2020-2.0-0242", "PHSA-2020-2.0-0248", "PHSA-2020-2.0-0254", "PHSA-2020-2.0-0279", "PHSA-2020-2.0-0286", "PHSA-2020-2.0-0295", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0093", "PHSA-2020-3.0-0100", "PHSA-2020-3.0-0104", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0138", "PHSA-2020-3.0-0144", "PHSA-2020-3.0-0147", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0160", "PHSA-2020-3.0-0174", "PHSA-2021-0005", "PHSA-2021-0006", "PHSA-2021-0007", "PHSA-2021-0012", "PHSA-2021-0039", "PHSA-2021-0182", "PHSA-2021-0185", "PHSA-2021-0188", "PHSA-2021-0189", "PHSA-2021-0207", "PHSA-2021-0208", "PHSA-2021-0210", "PHSA-2021-0223", "PHSA-2021-0240", "PHSA-2021-0308", "PHSA-2021-0314", "PHSA-2021-0315", "PHSA-2021-0328", "PHSA-2021-0332", "PHSA-2021-0339", "PHSA-2021-0348", "PHSA-2021-0353", "PHSA-2021-0354", "PHSA-2021-0358", "PHSA-2021-0370", "PHSA-2021-0372", "PHSA-2021-0375", "PHSA-2021-0383", "PHSA-2021-0391", "PHSA-2021-0436", "PHSA-2021-1.0-0353", "PHSA-2021-1.0-0354", "PHSA-2021-1.0-0358", "PHSA-2021-1.0-0370", "PHSA-2021-1.0-0372", "PHSA-2021-1.0-0375", "PHSA-2021-1.0-0383", "PHSA-2021-1.0-0391", "PHSA-2021-2.0-0308", "PHSA-2021-2.0-0314", "PHSA-2021-2.0-0315", "PHSA-2021-2.0-0328", "PHSA-2021-2.0-0332", "PHSA-2021-2.0-0339", "PHSA-2021-2.0-0348", "PHSA-2021-3.0-0182", "PHSA-2021-3.0-0185", "PHSA-2021-3.0-0188", "PHSA-2021-3.0-0189", "PHSA-2021-3.0-0207", "PHSA-2021-3.0-0208", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0223", "PHSA-2021-3.0-0240", "PHSA-2021-4.0-0005", "PHSA-2021-4.0-0006", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0012", "PHSA-2021-4.0-0039", "PHSA-2022-3.0-0507", "PHSA-2023-4.0-0318"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:02EAB5AF6104A4960F7E3B105CD50FA1", "QUALYSBLOG:3ACE52E54FF5FE3EF1B0FC328181FA66", "QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59", "QUALYSBLOG:8A2B26102098E31C5F8E392A55929F58", "QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4", "QUALYSBLOG:A341C9278C6DD389E0F263AE83CB5579", "QUALYSBLOG:BD020D07BF02B0790C62701D997BFD4D", "QUALYSBLOG:C16BBF82FBCDBD2158DDC05C0775BB31", "QUALYSBLOG:C9F2432F760D960CF69CDC55D87263A8", "QUALYSBLOG:D893D4DFB7141FDAD0BE869440074392", "QUALYSBLOG:E761CF659F35F9F5C29FB50D76B98C3E", "QUALYSBLOG:E9408B9A1592F0FED621B417D14ABECD", "QUALYSBLOG:F7C32BA5E6651A8CE3584BB84A88A0C0", "QUALYSBLOG:F8AA5B21D90BCDD30391A24D6FD47892"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:46A54401F6ED43B72F664A32EA043CB8", "RAPID7BLOG:8F65784C67333FC453D98DBB9FBEBA4C", "RAPID7BLOG:B7BFF90DF2218C3CFB5ABB1CFE63700E", "RAPID7BLOG:BCCD03F6B72FD7F9410FC063D6F16682", "RAPID7BLOG:CBB459355DA52AAEA21DDFD10D5B6FDB"]}, {"type": "redhat", "idList": ["RHSA-2018:0007", "RHSA-2018:0008", "RHSA-2018:0009", "RHSA-2018:0010", "RHSA-2018:0011", "RHSA-2018:0012", "RHSA-2018:0013", "RHSA-2018:0014", "RHSA-2018:0015", "RHSA-2018:0016", "RHSA-2018:0017", "RHSA-2018:0018", "RHSA-2018:0020", "RHSA-2018:0021", "RHSA-2018:0022", "RHSA-2018:0023", "RHSA-2018:0024", "RHSA-2018:0025", "RHSA-2018:0026", "RHSA-2018:0027", "RHSA-2018:0028", "RHSA-2018:0029", "RHSA-2018:0030", "RHSA-2018:0031", "RHSA-2018:0032", "RHSA-2018:0034", "RHSA-2018:0035", "RHSA-2018:0036", "RHSA-2018:0037", "RHSA-2018:0038", "RHSA-2018:0039", "RHSA-2018:0040", "RHSA-2018:0044", "RHSA-2018:0045", "RHSA-2018:0046", "RHSA-2018:0047", "RHSA-2018:0048", "RHSA-2018:0049", "RHSA-2018:0050", "RHSA-2018:0051", "RHSA-2018:0052", "RHSA-2018:0053", "RHSA-2018:0054", "RHSA-2018:0055", "RHSA-2018:0056", "RHSA-2018:0057", "RHSA-2018:0058", "RHSA-2018:0059", "RHSA-2018:0060", "RHSA-2018:0089", "RHSA-2018:0090", "RHSA-2018:0091", "RHSA-2018:0092", "RHSA-2018:0093", "RHSA-2018:0094", "RHSA-2018:0103", "RHSA-2018:0104", "RHSA-2018:0105", "RHSA-2018:0106", "RHSA-2018:0107", "RHSA-2018:0108", "RHSA-2018:0109", "RHSA-2018:0110", "RHSA-2018:0111", "RHSA-2018:0112", "RHSA-2018:0151", "RHSA-2018:0182", "RHSA-2018:0292", "RHSA-2018:0464", "RHSA-2018:0496", "RHSA-2018:0502", "RHSA-2018:0512", "RHSA-2018:0654", "RHSA-2018:1062", "RHSA-2018:1129", "RHSA-2018:1130", "RHSA-2018:1196", "RHSA-2018:1216", "RHSA-2018:1252", "RHSA-2018:1319", "RHSA-2018:1346", "RHSA-2018:1349", "RHSA-2018:1350", "RHSA-2018:1351", "RHSA-2018:1374", "RHSA-2018:1967", "RHSA-2019:1046", "RHSA-2020:1567", "RHSA-2020:1769", "RHSA-2020:2483", "RHSA-2020:2487", "RHSA-2020:2506", "RHSA-2020:2509", "RHSA-2020:2529", "RHSA-2020:2530", "RHSA-2020:3017", "RHSA-2020:4444", "RHSA-2020:5129", "RHSA-2020:5149", "RHSA-2020:5201", "RHSA-2020:5350", "RHSA-2020:5364", "RHSA-2020:5372", "RHSA-2020:5420", "RHSA-2020:5480", "RHSA-2020:5605", "RHSA-2020:5614", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0003", "RHSA-2021:0004", "RHSA-2021:0050", "RHSA-2021:0146", "RHSA-2021:0184", "RHSA-2021:0189", "RHSA-2021:0190", "RHSA-2021:0218", "RHSA-2021:0219", "RHSA-2021:0220", "RHSA-2021:0221", "RHSA-2021:0222", "RHSA-2021:0223", "RHSA-2021:0224", "RHSA-2021:0225", "RHSA-2021:0226", "RHSA-2021:0227", "RHSA-2021:0257", "RHSA-2021:0336", "RHSA-2021:0338", "RHSA-2021:0343", "RHSA-2021:0348", "RHSA-2021:0354", "RHSA-2021:0358", "RHSA-2021:0395", "RHSA-2021:0401", "RHSA-2021:0436", "RHSA-2021:0525", "RHSA-2021:0537", "RHSA-2021:0557", "RHSA-2021:0558", "RHSA-2021:0607", "RHSA-2021:0669", "RHSA-2021:0670", "RHSA-2021:0671", "RHSA-2021:0672", "RHSA-2021:0686", "RHSA-2021:0689", "RHSA-2021:0691", "RHSA-2021:0692", "RHSA-2021:0693", "RHSA-2021:0694", "RHSA-2021:0719", "RHSA-2021:0727", "RHSA-2021:0742", "RHSA-2021:0763", "RHSA-2021:0765", "RHSA-2021:0774", "RHSA-2021:0778", "RHSA-2021:0779", "RHSA-2021:0780", "RHSA-2021:0799", "RHSA-2021:0848", "RHSA-2021:0856", "RHSA-2021:0857", "RHSA-2021:0862", "RHSA-2021:0878", "RHSA-2021:0883", "RHSA-2021:0922", "RHSA-2021:0940", "RHSA-2021:0980", "RHSA-2021:1028", "RHSA-2021:1031", "RHSA-2021:1032", "RHSA-2021:1069", "RHSA-2021:1070", "RHSA-2021:1071", "RHSA-2021:1079", "RHSA-2021:1081", "RHSA-2021:1093", "RHSA-2021:1129", "RHSA-2021:1145", "RHSA-2021:1168", "RHSA-2021:1171", "RHSA-2021:1173", "RHSA-2021:1206", "RHSA-2021:1225", "RHSA-2021:1245", "RHSA-2021:1246", "RHSA-2021:1266", "RHSA-2021:1267", "RHSA-2021:1272", "RHSA-2021:1279", "RHSA-2021:1288", "RHSA-2021:1289", "RHSA-2021:1295", "RHSA-2021:1297", "RHSA-2021:1298", "RHSA-2021:1299", "RHSA-2021:1301", "RHSA-2021:1305", "RHSA-2021:1306", "RHSA-2021:1307", "RHSA-2021:1315", "RHSA-2021:1338", "RHSA-2021:1369", "RHSA-2021:1373", "RHSA-2021:1376", "RHSA-2021:1377", "RHSA-2021:1379", "RHSA-2021:1429", "RHSA-2021:1444", "RHSA-2021:1445", "RHSA-2021:1446", "RHSA-2021:1447", "RHSA-2021:1448", "RHSA-2021:1468", "RHSA-2021:1469", "RHSA-2021:1475", "RHSA-2021:1476", "RHSA-2021:1477", "RHSA-2021:1478", "RHSA-2021:1479", "RHSA-2021:1499", "RHSA-2021:1515", "RHSA-2021:1531", "RHSA-2021:1532", "RHSA-2021:1585", "RHSA-2021:1678", "RHSA-2021:1989", "RHSA-2021:2021", "RHSA-2021:2024", "RHSA-2021:2028", "RHSA-2021:2041", "RHSA-2021:2053", "RHSA-2021:2099", "RHSA-2021:2106", "RHSA-2021:2121", "RHSA-2021:2130", "RHSA-2021:2136", "RHSA-2021:2164", "RHSA-2021:2167", "RHSA-2021:2184", "RHSA-2021:2185", "RHSA-2021:2190", "RHSA-2021:2280", "RHSA-2021:2355", "RHSA-2021:2356", "RHSA-2021:2461", "RHSA-2021:2479", "RHSA-2021:2523", "RHSA-2021:2532", "RHSA-2021:2543", "RHSA-2021:2561", "RHSA-2021:2562", "RHSA-2021:2705", "RHSA-2021:2732", "RHSA-2021:2758", "RHSA-2021:2760", "RHSA-2021:2792", "RHSA-2021:2813", "RHSA-2021:2920", "RHSA-2021:2998", "RHSA-2021:3016", "RHSA-2021:3119", "RHSA-2021:3140", "RHSA-2021:3315", "RHSA-2021:3425", "RHSA-2021:3556", "RHSA-2021:4140", "RHSA-2021:4356", "RHSA-2021:4627", "RHSA-2021:5137", "RHSA-2022:0056", "RHSA-2022:1074", "RHSA-2022:1975", "RHSA-2022:1988", "RHSA-2022:5532", "RHSA-2022:5924", "RHSA-2022:6735", "RHSA-2022:6755", "RHSA-2022:6756", "RHSA-2023:0187", "RHSA-2023:0399", "RHSA-2023:0400"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-5715", "RH:CVE-2017-5753", "RH:CVE-2017-5754", "RH:CVE-2018-19965", "RH:CVE-2018-3620", "RH:CVE-2018-3639", "RH:CVE-2019-19532", "RH:CVE-2019-25013", "RH:CVE-2020-0427", "RH:CVE-2020-10029", "RH:CVE-2020-10543", "RH:CVE-2020-10878", "RH:CVE-2020-12723", "RH:CVE-2020-14351", "RH:CVE-2020-15436", "RH:CVE-2020-15862", "RH:CVE-2020-24511", "RH:CVE-2020-25211", "RH:CVE-2020-25645", "RH:CVE-2020-25656", "RH:CVE-2020-25705", "RH:CVE-2020-28374", "RH:CVE-2020-29573", "RH:CVE-2020-29661", "RH:CVE-2020-35513", "RH:CVE-2020-7053", "RH:CVE-2020-8625", "RH:CVE-2020-9484", "RH:CVE-2021-20305", "RH:CVE-2021-20322", "RH:CVE-2021-2161", "RH:CVE-2021-2163", "RH:CVE-2021-25122", "RH:CVE-2021-25215", "RH:CVE-2021-25329", "RH:CVE-2021-26401", "RH:CVE-2021-26937", "RH:CVE-2021-27363", "RH:CVE-2021-27364", "RH:CVE-2021-27365", "RH:CVE-2021-3156", "RH:CVE-2022-2196", "RH:CVE-2022-23181", "RH:CVE-2022-23824"]}, {"type": "rocky", "idList": ["RLSA-2021:1206", "RLSA-2021:1585", "RLSA-2021:1678", "RLSA-2021:1989", "RLSA-2022:1975", "RLSA-2022:1988"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2021-1968", "ROSA-SA-2021-1988", "ROSA-SA-2023-2097", "ROSA-SA-2023-2133"]}, {"type": "securelist", "idList": ["SECURELIST:7CF4DDEB1B5407DAA24EC25BAA7A9654", "SECURELIST:FC1216FC2096CBEE31E247C19D68BEC5"]}, {"type": "seebug", "idList": ["SSV:97059"]}, {"type": "slackware", "idList": ["SSA-2018-016-01", "SSA-2018-037-01", "SSA-2018-057-01", "SSA-2020-295-01", "SSA-2021-026-01", "SSA-2021-072-01", "SSA-2021-118-01", "SSA-2021-145-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0013-1", "OPENSUSE-SU-2018:0022-1", "OPENSUSE-SU-2018:0023-1", "OPENSUSE-SU-2018:0026-1", "OPENSUSE-SU-2018:0030-1", "OPENSUSE-SU-2018:0059-1", "OPENSUSE-SU-2018:0066-1", "OPENSUSE-SU-2018:0187-1", "OPENSUSE-SU-2018:0326-1", "OPENSUSE-SU-2018:0408-1", "OPENSUSE-SU-2018:0459-1", "OPENSUSE-SU-2018:0710-1", "OPENSUSE-SU-2018:0745-1", "OPENSUSE-SU-2018:0780-1", "OPENSUSE-SU-2018:0939-1", "OPENSUSE-SU-2018:1274-1", "OPENSUSE-SU-2018:1502-1", "OPENSUSE-SU-2018:1623-1", "OPENSUSE-SU-2018:1631-1", "OPENSUSE-SU-2018:2119-1", "OPENSUSE-SU-2018:2237-1", "OPENSUSE-SU-2018:2524-1", "OPENSUSE-SU-2020:0336-1", "OPENSUSE-SU-2020:0381-1", "OPENSUSE-SU-2020:0711-1", "OPENSUSE-SU-2020:0850-1", "OPENSUSE-SU-2020:1586-1", "OPENSUSE-SU-2020:1655-1", "OPENSUSE-SU-2020:1682-1", "OPENSUSE-SU-2020:1698-1", "OPENSUSE-SU-2020:1906-1", "OPENSUSE-SU-2020:2034-1", "OPENSUSE-SU-2020:2112-1", "OPENSUSE-SU-2020:2161-1", "OPENSUSE-SU-2020:2193-1", "OPENSUSE-SU-2020:2260-1", "OPENSUSE-SU-2021:0060-1", "OPENSUSE-SU-2021:0075-1", "OPENSUSE-SU-2021:0169-1", "OPENSUSE-SU-2021:0170-1", "OPENSUSE-SU-2021:0241-1", "OPENSUSE-SU-2021:0242-1", "OPENSUSE-SU-2021:0304-1", "OPENSUSE-SU-2021:0358-1", "OPENSUSE-SU-2021:0375-1", "OPENSUSE-SU-2021:0496-1", "OPENSUSE-SU-2021:0532-1", "OPENSUSE-SU-2021:0602-1", "OPENSUSE-SU-2021:0635-1", "OPENSUSE-SU-2021:0668-1", "OPENSUSE-SU-2021:0719-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:0776-1", "OPENSUSE-SU-2021:0933-1", "OPENSUSE-SU-2021:1176-1", "OPENSUSE-SU-2021:1212-1", "OPENSUSE-SU-2021:1455-1", "OPENSUSE-SU-2021:1666-1", "OPENSUSE-SU-2021:1826-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1", "OPENSUSE-SU-2021:1989-1", "OPENSUSE-SU-2021:2798-1", "OPENSUSE-SU-2021:2861-1", "OPENSUSE-SU-2021:3615-1", "OPENSUSE-SU-2022:0050-1", "OPENSUSE-SU-2022:0108-1", "SUSE-SU-2018:0006-1", "SUSE-SU-2018:0007-1", "SUSE-SU-2018:0008-1", "SUSE-SU-2018:0009-1", "SUSE-SU-2018:0010-1", "SUSE-SU-2018:0011-1", "SUSE-SU-2018:0012-1", "SUSE-SU-2018:0019-1", "SUSE-SU-2018:0020-1", "SUSE-SU-2018:0031-1", "SUSE-SU-2018:0036-1", "SUSE-SU-2018:0039-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0041-1", "SUSE-SU-2018:0051-1", "SUSE-SU-2018:0056-1", "SUSE-SU-2018:0067-1", "SUSE-SU-2018:0068-1", "SUSE-SU-2018:0069-1", "SUSE-SU-2018:0113-1", "SUSE-SU-2018:0114-1", "SUSE-SU-2018:0115-1", "SUSE-SU-2018:0131-1", "SUSE-SU-2018:0171-1", "SUSE-SU-2018:0180-1", "SUSE-SU-2018:0213-1", "SUSE-SU-2018:0219-1", "SUSE-SU-2018:0383-1", "SUSE-SU-2018:0416-1", "SUSE-SU-2018:0437-1", "SUSE-SU-2018:0438-1", "SUSE-SU-2018:0472-1", "SUSE-SU-2018:0482-1", "SUSE-SU-2018:0525-1", "SUSE-SU-2018:0555-1", "SUSE-SU-2018:0601-1", "SUSE-SU-2018:0609-1", "SUSE-SU-2018:0638-1", "SUSE-SU-2018:0660-1", "SUSE-SU-2018:0678-1", "SUSE-SU-2018:0705-1", "SUSE-SU-2018:0708-1", "SUSE-SU-2018:0762-1", "SUSE-SU-2018:0831-1", "SUSE-SU-2018:0838-1", "SUSE-SU-2018:0841-1", "SUSE-SU-2018:0861-1", "SUSE-SU-2018:0909-1", "SUSE-SU-2018:0920-1", "SUSE-SU-2018:0986-1", "SUSE-SU-2018:1077-1", "SUSE-SU-2018:1080-1", "SUSE-SU-2018:1177-1", "SUSE-SU-2018:1181-1", "SUSE-SU-2018:1184-1", "SUSE-SU-2018:1202-1", "SUSE-SU-2018:1203-1", "SUSE-SU-2018:1216-1"]}, {"type": "symantec", "idList": ["SMNTC-102371", "SMNTC-102378", "SMNTC-1426", "SMNTC-17650"]}, {"type": "talosblog", "idList": ["TALOSBLOG:6AF8BBB020A686E442B50095CA9B7A36"]}, {"type": "taosecurity", "idList": ["TAOSECURITY:37F5AF86E0886FC0FBDCCE15A1236586"]}, {"type": "thn", "idList": ["THN:2B2B2CD54A42E2C054F98F11FD06C341", "THN:2C912D2A2005BA770BBD4A4975BD3518", "THN:58CFE19533148E77597FE0AC59963145", "THN:718A9E01EB9A2B76DC08D8973AACAF7E", "THN:71C19B8F2C6EDB0AFDA5AA0280A20C00", "THN:788E9312DDA39D9A09855DF379A0FD4D", "THN:7C0B13C9EA246ED9067BDC332C6923AE", "THN:83DDF7EA5627F196DA7F3A5DB2F32A06", "THN:AF0CBD71A7E1DCE8E508D374E0760687", "THN:BA94EB21B28842327D78D9B107AC9960", "THN:BCD236457064C9D8673B1536BE370718", "THN:C4C9BC61AD42FB9F46B30ECA56F71393"]}, {"type": "threatpost", "idList": ["THREATPOST:0F9EDE9A622A021B9B79C50214D7E8AD", "THREATPOST:27232AA8871910ACCF00E8FC6A9EDEA9", "THREATPOST:31234A4925170238A90EE40343968C48", "THREATPOST:3A6A7F7256BF05AA048512CF2D064F7F", "THREATPOST:4F13E380B1984CDEA728722B169027FB", "THREATPOST:5AEBAF88C55924F6A472867BE083F0B0", "THREATPOST:66600F3B128B00AC1B1B38670F93DE04", "THREATPOST:6C364316788D445329E5596C5108A157", "THREATPOST:7458AE86ECA810D873D5D35916A93D9F", "THREATPOST:CE89F855271AB3AE3CE8B5B0C141CDC2", "THREATPOST:DB0542CFA474B0D9C91032709EDE296D", "THREATPOST:E454192F36C2E44BAE14AB9B62BE28DB"]}, {"type": "tomcat", "idList": ["TOMCAT:134FFF2A5E889835054EC92E557C984D", "TOMCAT:36341E62C29FA8D208E5019D7D60DFC8", "TOMCAT:38E1DC5950ADDBB8A055F354B172C65E", "TOMCAT:47B91042927062AB4C945C176AD09B02", "TOMCAT:75BDD1762995663D2613C2EC3D1F16DD", "TOMCAT:8A2C262DE6E0BAC59E53AD562A9743FE", "TOMCAT:9B658D22C08634C8C17F1EFEE3366D4D", "TOMCAT:A01991EC43D0F6A28E9CB4553C6B4670", "TOMCAT:BD106E970B6D4964B80C5CC3715C6DD2", "TOMCAT:C5537152452B543D3F3B9565BB62CA70", "TOMCAT:C878975BAAD7823EE793B63FC6053125", "TOMCAT:E76617B2A121AAAE8F7420BCA50A252C"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"]}, {"type": "ubuntu", "idList": ["LSN-0074-1", "LSN-0082-1", "USN-3516-1", "USN-3521-1", "USN-3522-1", "USN-3522-2", "USN-3522-3", "USN-3522-4", "USN-3523-1", "USN-3523-2", "USN-3524-1", "USN-3524-2", "USN-3525-1", "USN-3530-1", "USN-3531-1", "USN-3531-2", "USN-3531-3", "USN-3540-1", "USN-3540-2", "USN-3541-1", "USN-3541-2", "USN-3542-1", "USN-3542-2", "USN-3549-1", "USN-3560-1", "USN-3561-1", "USN-3580-1", "USN-3581-1", "USN-3581-2", "USN-3582-1", "USN-3582-2", "USN-3583-1", "USN-3594-1", "USN-3597-1", "USN-3597-2", "USN-3620-2", "USN-3690-1", "USN-3690-2", "USN-3777-3", "USN-4226-1", "USN-4255-1", "USN-4255-2", "USN-4285-1", "USN-4287-1", "USN-4287-2", "USN-4416-1", "USN-4448-1", "USN-4471-1", "USN-4471-2", "USN-4596-1", "USN-4602-1", "USN-4602-2", "USN-4657-1", "USN-4658-1", "USN-4658-2", "USN-4659-1", "USN-4659-2", "USN-4660-1", "USN-4660-2", "USN-4679-1", "USN-4680-1", "USN-4681-1", "USN-4694-1", "USN-4705-1", "USN-4705-2", "USN-4709-1", "USN-4711-1", "USN-4713-1", "USN-4713-2", "USN-4737-1", "USN-4737-2", "USN-4747-1", "USN-4747-2", "USN-4748-1", "USN-4749-1", "USN-4750-1", "USN-4751-1", "USN-4752-1", "USN-4753-1", "USN-4883-1", "USN-4887-1", "USN-4889-1", "USN-4892-1", "USN-4901-1", "USN-4906-1", "USN-4912-1", "USN-4929-1", "USN-4985-1", "USN-5130-1", "USN-5310-1", "USN-5360-1", "USN-5768-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-5715", "UB:CVE-2017-5753", "UB:CVE-2017-5754", "UB:CVE-2018-10471", "UB:CVE-2018-19965", "UB:CVE-2018-3693", "UB:CVE-2019-19532", "UB:CVE-2019-25013", "UB:CVE-2020-0427", "UB:CVE-2020-10029", "UB:CVE-2020-10543", "UB:CVE-2020-10878", "UB:CVE-2020-12723", "UB:CVE-2020-14351", "UB:CVE-2020-15436", "UB:CVE-2020-15862", "UB:CVE-2020-25211", "UB:CVE-2020-25645", "UB:CVE-2020-25656", "UB:CVE-2020-25705", "UB:CVE-2020-28374", "UB:CVE-2020-29573", "UB:CVE-2020-29661", "UB:CVE-2020-35513", "UB:CVE-2020-7053", "UB:CVE-2020-8625", "UB:CVE-2020-9484", "UB:CVE-2020-9494", "UB:CVE-2021-0448", "UB:CVE-2021-20265", "UB:CVE-2021-20305", "UB:CVE-2021-2161", "UB:CVE-2021-2163", "UB:CVE-2021-25122", "UB:CVE-2021-25215", "UB:CVE-2021-25329", "UB:CVE-2021-26401", "UB:CVE-2021-26937", "UB:CVE-2021-27363", "UB:CVE-2021-27364", "UB:CVE-2021-27365", "UB:CVE-2021-3139", "UB:CVE-2021-3156", "UB:CVE-2022-23181"]}, {"type": "veeam", "idList": ["VEEAM:KB2427"]}, {"type": "veracode", "idList": ["VERACODE:25469", "VERACODE:26179", "VERACODE:26180", "VERACODE:26245", "VERACODE:27696", "VERACODE:27801", "VERACODE:27961", "VERACODE:28077", "VERACODE:28081", "VERACODE:28083", "VERACODE:28088", "VERACODE:28090", "VERACODE:29144", "VERACODE:29276", "VERACODE:29277", "VERACODE:29279", "VERACODE:29358", "VERACODE:29416", "VERACODE:29423", "VERACODE:29537", "VERACODE:29541", "VERACODE:29554", "VERACODE:29734", "VERACODE:29735", "VERACODE:29737", "VERACODE:29738", "VERACODE:29931", "VERACODE:29932", "VERACODE:29933", "VERACODE:30010", "VERACODE:30152", "VERACODE:30315", "VERACODE:31224"]}, {"type": "virtuozzo", "idList": ["VZA-2018-001", "VZA-2018-002", "VZA-2018-003", "VZA-2018-006", "VZA-2018-016", "VZA-2018-017", "VZA-2018-023", "VZA-2018-028", "VZA-2018-029", "VZA-2020-061", "VZA-2020-064", "VZA-2021-004", "VZA-2021-005", "VZA-2021-006", "VZA-2021-008", "VZA-2021-014", "VZA-2021-015", "VZA-2021-017", "VZA-2021-040"]}, {"type": "vmware", "idList": ["VMSA-2018-0002", "VMSA-2018-0002.3", "VMSA-2018-0004", "VMSA-2018-0004.3", "VMSA-2018-0007", "VMSA-2018-0007.6"]}, {"type": "xen", "idList": ["XSA-254", "XSA-279", "XSA-289"]}, {"type": "zdi", "idList": ["ZDI-20-1372", "ZDI-21-195"]}, {"type": "zdt", "idList": ["1337DAY-ID-29366", "1337DAY-ID-35569", "1337DAY-ID-35741", "1337DAY-ID-35772", "1337DAY-ID-35779", "1337DAY-ID-35785"]}]}, "epss": [{"cve": "CVE-2017-5715", "epss": 0.97581, "percentile": 0.99999, "modified": "2023-05-01"}, {"cve": "CVE-2017-5753", "epss": 0.97576, "percentile": 0.99998, "modified": "2023-05-01"}, {"cve": "CVE-2017-5754", "epss": 0.97505, "percentile": 0.99963, "modified": "2023-05-01"}, {"cve": "CVE-2019-19532", "epss": 0.00168, "percentile": 0.52335, "modified": "2023-05-01"}, {"cve": "CVE-2019-25013", "epss": 0.00211, "percentile": 0.57515, "modified": "2023-05-01"}, {"cve": "CVE-2020-0427", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2020-10029", "epss": 0.00063, "percentile": 0.24983, "modified": "2023-05-01"}, {"cve": "CVE-2020-10543", "epss": 0.00299, "percentile": 0.64884, "modified": "2023-05-01"}, {"cve": "CVE-2020-10878", "epss": 0.00274, "percentile": 0.63229, "modified": "2023-05-01"}, {"cve": "CVE-2020-12723", "epss": 0.00319, "percentile": 0.66045, "modified": "2023-05-01"}, {"cve": "CVE-2020-14351", "epss": 0.00092, "percentile": 0.37986, "modified": "2023-05-01"}, {"cve": "CVE-2020-15436", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2020-15862", "epss": 0.00045, "percentile": 0.12116, "modified": "2023-05-01"}, {"cve": "CVE-2020-25211", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2020-25645", "epss": 0.00429, "percentile": 0.70666, "modified": "2023-05-01"}, {"cve": "CVE-2020-25656", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2020-25705", "epss": 0.00275, "percentile": 0.63293, "modified": "2023-05-01"}, {"cve": "CVE-2020-28374", "epss": 0.00227, "percentile": 0.59401, "modified": "2023-05-01"}, {"cve": "CVE-2020-29573", "epss": 0.00137, "percentile": 0.47681, "modified": "2023-05-01"}, {"cve": "CVE-2020-29661", "epss": 0.00046, "percentile": 0.12802, "modified": "2023-05-01"}, {"cve": "CVE-2020-35513", "epss": 0.00068, "percentile": 0.27995, "modified": "2023-05-01"}, {"cve": "CVE-2020-7053", "epss": 0.00045, "percentile": 0.12116, "modified": "2023-05-01"}, {"cve": "CVE-2020-8625", "epss": 0.2581, "percentile": 0.95996, "modified": "2023-05-01"}, {"cve": "CVE-2020-9484", "epss": 0.9701, "percentile": 0.99569, "modified": "2023-05-01"}, {"cve": "CVE-2020-9494", "epss": 0.00411, "percentile": 0.7007, "modified": "2023-05-01"}, {"cve": "CVE-2021-20265", "epss": 0.00043, "percentile": 0.07818, "modified": "2023-05-01"}, {"cve": "CVE-2021-20305", "epss": 0.00415, "percentile": 0.70206, "modified": "2023-05-01"}, {"cve": "CVE-2021-2161", "epss": 0.00085, "percentile": 0.34625, "modified": "2023-05-01"}, {"cve": "CVE-2021-2163", "epss": 0.00117, "percentile": 0.44183, "modified": "2023-05-01"}, {"cve": "CVE-2021-25122", "epss": 0.00335, "percentile": 0.66895, "modified": "2023-05-01"}, {"cve": "CVE-2021-25215", "epss": 0.01337, "percentile": 0.84034, "modified": "2023-05-01"}, {"cve": "CVE-2021-25329", "epss": 0.00045, "percentile": 0.12507, "modified": "2023-05-01"}, {"cve": "CVE-2021-26937", "epss": 0.01165, "percentile": 0.82846, "modified": "2023-05-01"}, {"cve": "CVE-2021-27363", "epss": 0.0006, "percentile": 0.2354, "modified": "2023-05-01"}, {"cve": "CVE-2021-27364", "epss": 0.00088, "percentile": 0.36381, "modified": "2023-05-01"}, {"cve": "CVE-2021-27365", "epss": 0.00091, "percentile": 0.37697, "modified": "2023-05-01"}, {"cve": "CVE-2021-3156", "epss": 0.94383, "percentile": 0.98743, "modified": "2023-05-01"}], "vulnersScore": 9.7}, "_state": {"score": 1684372646, "dependencies": 1684369636, "epss": 0}, "_internal": {"score_hash": "5152f738c7ab547d060a6bb0a1c9c933"}, "pluginID": "164597", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164597);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\",\n \"CVE-2019-19532\",\n \"CVE-2019-25013\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-8625\",\n \"CVE-2020-10029\",\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-15862\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29573\",\n \"CVE-2020-29661\",\n \"CVE-2020-35513\",\n \"CVE-2021-2161\",\n \"CVE-2021-2163\",\n \"CVE-2021-3156\",\n \"CVE-2021-20265\",\n \"CVE-2021-20305\",\n \"CVE-2021-25122\",\n \"CVE-2021-25215\",\n \"CVE-2021-25329\",\n \"CVE-2021-26937\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 6.0. It is, therefore, affected by multiple vulnerabilities\nas referenced in the NXSA-AOS-6.0 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis\n of the data cache. (CVE-2017-5754)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-\n byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range\n reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when\n passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to\n sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB\n provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-\n based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with\n a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to\n sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because\n of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words,\n the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system)\n functionality was found in the way user create and delete object using NFSv4.2 or newer if both\n simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to\n the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c,\n aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG\n features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed,\n but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or\n tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-\n TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server\n environments that combine BIND servers with Active Directory domain controllers. The most likely outcome\n of a successful exploitation of the vulnerability is a crash of the named process. However, remote code\n execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11,\n and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition.\n Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions\n (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being\n called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to\n force an invalid signature, causing an assertion failure or possible validation. The highest threat to\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability\n applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the\n specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,\n Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments\n that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox\n for security. (CVE-2021-2163)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one\n request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->\n 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND\n 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the\n flaw described above, the named process will terminate due to a failed assertion check. The vulnerability\n affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other\n versions of BIND 9. (CVE-2021-25215)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be\n used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published\n prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to\n this issue. (CVE-2021-25329)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write\n access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character\n sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which\n allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single\n backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is\n exploitable by any local user who can execute the sudo command without authentication. Successful\n exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-6.0\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a3342a9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sudo Heap-Based Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '6.0', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 6.0 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '6.0', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 6.0 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "naslFamily": "Misc.", "cpe": ["cpe:/o:nutanix:aos"], "solution": "Update the Nutanix AOS software to recommended version.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-26937", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-10-29T00:00:00", "vulnerabilityPublicationDate": "2018-01-03T00:00:00", "exploitableWith": ["Core Impact", "CANVAS(CANVAS)", "Metasploit(Sudo Heap-Based Buffer Overflow)"]}

{"nessus": [{"lastseen": "2023-06-04T12:36:51", "description": "The version of AOS installed on the remote host is prior to 5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (CVE-2017-5754)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS- TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition.\n Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. (CVE-2021-25215)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2020-8625", "CVE-2020-9484", "CVE-2020-9494", "CVE-2021-20265", "CVE-2021-20305", "CVE-2021-2161", "CVE-2021-2163", "CVE-2021-25122", "CVE-2021-25215", "CVE-2021-25329", "CVE-2021-26937", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_20.NASL", "href": "https://www.tenable.com/plugins/nessus/164557", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164557);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\",\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-8625\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-2161\",\n \"CVE-2021-2163\",\n \"CVE-2021-20265\",\n \"CVE-2021-20305\",\n \"CVE-2021-25122\",\n \"CVE-2021-25215\",\n \"CVE-2021-25329\",\n \"CVE-2021-26937\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.20. It is, therefore, affected by multiple vulnerabilities\nas referenced in the NXSA-AOS-5.20 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis\n of the data cache. (CVE-2017-5754)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c,\n aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG\n features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed,\n but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or\n tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-\n TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server\n environments that combine BIND servers with Active Directory domain controllers. The most likely outcome\n of a successful exploitation of the vulnerability is a crash of the named process. However, remote code\n execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11,\n and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition.\n Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions\n (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being\n called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to\n force an invalid signature, causing an assertion failure or possible validation. The highest threat to\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability\n applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the\n specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,\n Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments\n that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox\n for security. (CVE-2021-2163)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one\n request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->\n 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND\n 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the\n flaw described above, the named process will terminate due to a failed assertion check. The vulnerability\n affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other\n versions of BIND 9. (CVE-2021-25215)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be\n used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published\n prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to\n this issue. (CVE-2021-25329)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write\n access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character\n sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3aba379b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.20', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.20 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.20', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.20 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:45:02", "description": "The version of AOS installed on the remote host is prior to 5.15.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.7 advisory.\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. (CVE-2021-25215)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265", "CVE-2021-20305", "CVE-2021-2161", "CVE-2021-2163", "CVE-2021-25215", "CVE-2021-26937", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_15_7.NASL", "href": "https://www.tenable.com/plugins/nessus/164562", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164562);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-2161\",\n \"CVE-2021-2163\",\n \"CVE-2021-20265\",\n \"CVE-2021-20305\",\n \"CVE-2021-25215\",\n \"CVE-2021-26937\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.7)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.15.7. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.15.7 advisory.\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c,\n aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions\n (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being\n called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to\n force an invalid signature, causing an assertion failure or possible validation. The highest threat to\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability\n applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the\n specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,\n Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments\n that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox\n for security. (CVE-2021-2163)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->\n 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND\n 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the\n flaw described above, the named process will terminate due to a failed assertion check. The vulnerability\n affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other\n versions of BIND 9. (CVE-2021-25215)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write\n access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character\n sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.15.7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?682235cb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.15.7', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.15.7 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.15.7', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.15.7 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:45:02", "description": "The version of AOS installed on the remote host is prior to 5.15.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5.5 advisory.\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. (CVE-2021-25215)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265", "CVE-2021-20305", "CVE-2021-2161", "CVE-2021-2163", "CVE-2021-25215", "CVE-2021-26937", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_15_5_5.NASL", "href": "https://www.tenable.com/plugins/nessus/164590", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164590);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-2161\",\n \"CVE-2021-2163\",\n \"CVE-2021-20265\",\n \"CVE-2021-20305\",\n \"CVE-2021-25215\",\n \"CVE-2021-26937\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5.5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.15.5.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.15.5.5 advisory.\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c,\n aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions\n (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being\n called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to\n force an invalid signature, causing an assertion failure or possible validation. The highest threat to\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability\n applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the\n specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,\n Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments\n that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox\n for security. (CVE-2021-2163)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->\n 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND\n 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the\n flaw described above, the named process will terminate due to a failed assertion check. The vulnerability\n affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other\n versions of BIND 9. (CVE-2021-25215)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write\n access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character\n sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.15.5.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4cafdc0c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.15.5.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.15.5.5 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.15.5.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.15.5.5 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:40", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0857 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2021:0857)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2021-0857.NASL", "href": "https://www.tenable.com/plugins/nessus/147827", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0857. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147827);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0857\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2021:0857)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0857 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1883988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 319, 330, 400, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-0427', 'CVE-2020-7053', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25645', 'CVE-2020-25656', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29661', 'CVE-2021-20265');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0857');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.21.1.rt56.1158.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.21.1.rt56.1158.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:05:38", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-18T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2021:0856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-0856.NASL", "href": "https://www.tenable.com/plugins/nessus/147885", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0856 and\n# CentOS Errata and Security Advisory 2021:0856 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147885);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0856\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2021:0856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-March/048295.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7bf93600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/667.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 319, 330, 400, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.21.1.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:32", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0856 advisory.\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2021-0856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug"], "id": "ORACLELINUX_ELSA-2021-0856.NASL", "href": "https://www.tenable.com/plugins/nessus/147861", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0856.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147861);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-0856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0856 advisory.\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c,\n aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0856.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.21.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-0856');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.21.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:14:26", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-17T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:0856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29661", "CVE-2020-7053", "CVE-2021-20265"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-0856.NASL", "href": "https://www.tenable.com/plugins/nessus/147835", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0856. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147835);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-7053\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0856\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:0856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0856 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)\n\n - kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1795624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1883988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919893\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200, 319, 330, 400, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-0427', 'CVE-2020-7053', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25645', 'CVE-2020-25656', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29661', 'CVE-2021-20265');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0856');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.21.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.21.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:55", "description": "The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory.\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-15436", "CVE-2020-15862", "CVE-2020-29573", "CVE-2020-35513", "CVE-2021-3156"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_19_1_5.NASL", "href": "https://www.tenable.com/plugins/nessus/164609", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164609);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-25013\",\n \"CVE-2020-10029\",\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\",\n \"CVE-2020-15436\",\n \"CVE-2020-15862\",\n \"CVE-2020-29573\",\n \"CVE-2020-35513\",\n \"CVE-2021-3156\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory.\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-\n byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range\n reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when\n passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to\n sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB\n provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-\n based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with\n a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to\n sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because\n of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words,\n the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system)\n functionality was found in the way user create and delete object using NFSv4.2 or newer if both\n simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to\n the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which\n allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single\n backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is\n exploitable by any local user who can execute the sudo command without authentication. Successful\n exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.19.1.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?51f492e8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sudo Heap-Based Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.19.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1.5 or higher.', 'lts' : FALSE },\n { 'fixed_version' : '5.19.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1.5 or higher.', 'lts' : FALSE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:44", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-29661", "CVE-2021-20265"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:kernel", "p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_core:kernel-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debug-devel", "p-cpe:/a:zte:cgsl_core:kernel-debug-modules", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_core:kernel-devel", "p-cpe:/a:zte:cgsl_core:kernel-headers", "p-cpe:/a:zte:cgsl_core:kernel-modules", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5", "p-cpe:/a:zte:cgsl_core:kernel-sign-keys", "p-cpe:/a:zte:cgsl_core:kernel-tools", "p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_core:perf", "p-cpe:/a:zte:cgsl_core:perf-debuginfo", "p-cpe:/a:zte:cgsl_core:python-perf", "p-cpe:/a:zte:cgsl_core:python-perf-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-sign-keys", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf"], "id": "NEWSTART_CGSL_NS-SA-2021-0104_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/154517", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0104. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154517);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25645\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\",\n \"CVE-2021-20265\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0104)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0104\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20265\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.952.g813b7c9.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1018.g3790d29'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T12:36:32", "description": "The version of AOS installed on the remote host is prior to 5.20.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.1 advisory.\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. (CVE-2021-25215)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20305", "CVE-2021-2161", "CVE-2021-2163", "CVE-2021-25215", "CVE-2021-26937", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_20_1.NASL", "href": "https://www.tenable.com/plugins/nessus/164592", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164592);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2021-2161\",\n \"CVE-2021-2163\",\n \"CVE-2021-20305\",\n \"CVE-2021-25215\",\n \"CVE-2021-26937\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.20.1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.20.1 advisory.\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions\n (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being\n called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to\n force an invalid signature, causing an assertion failure or possible validation. The highest threat to\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability\n applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the\n specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,\n Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments\n that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox\n for security. (CVE-2021-2163)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->\n 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND\n 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the\n flaw described above, the named process will terminate due to a failed assertion check. The vulnerability\n affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other\n versions of BIND 9. (CVE-2021-25215)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write\n access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character\n sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.20.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70aa8a1e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.20.1', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.20.1 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.20.1', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.20.1 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-06T14:29:44", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1531 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-13T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:1531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-28374", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-1531.NASL", "href": "https://www.tenable.com/plugins/nessus/149444", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1531. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149444);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1531\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:1531)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1531 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25705\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 122, 125, 200, 250, 330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-25211', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1531');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.7/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.7/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.49.1.el7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.49.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:28", "description": "The version of AOS installed on the remote host is prior to 5.15.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.6 advisory.\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. (CVE-2019-18282)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14803)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS- TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition.\n Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2021-2163)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. (CVE-2021-25215)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18282", "CVE-2019-19532", "CVE-2019-25013", "CVE-2020-0427", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10769", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14385", "CVE-2020-14779", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14792", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14803", "CVE-2020-15436", "CVE-2020-15862", "CVE-2020-1971", "CVE-2020-24394", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25705", "CVE-2020-28374", "CVE-2020-29573", "CVE-2020-29661", "CVE-2020-35513", "CVE-2020-7053", "CVE-2020-8625", "CVE-2020-9484", "CVE-2020-9494", "CVE-2021-20265", "CVE-2021-20305", "CVE-2021-2161", "CVE-2021-2163", "CVE-2021-25122", "CVE-2021-25215", "CVE-2021-25329", "CVE-2021-26937", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3156"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_15_6.NASL", "href": "https://www.tenable.com/plugins/nessus/164567", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164567);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-18282\",\n \"CVE-2019-19532\",\n \"CVE-2019-25013\",\n \"CVE-2020-0427\",\n \"CVE-2020-1971\",\n \"CVE-2020-7053\",\n \"CVE-2020-8625\",\n \"CVE-2020-10029\",\n \"CVE-2020-10543\",\n \"CVE-2020-10769\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14385\",\n \"CVE-2020-14779\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14792\",\n \"CVE-2020-14796\",\n \"CVE-2020-14797\",\n \"CVE-2020-14803\",\n \"CVE-2020-15436\",\n \"CVE-2020-15862\",\n \"CVE-2020-24394\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29573\",\n \"CVE-2020-29661\",\n \"CVE-2020-35513\",\n \"CVE-2021-2161\",\n \"CVE-2021-2163\",\n \"CVE-2021-3156\",\n \"CVE-2021-20265\",\n \"CVE-2021-20305\",\n \"CVE-2021-25122\",\n \"CVE-2021-25215\",\n \"CVE-2021-25329\",\n \"CVE-2021-26937\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.6)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.15.6. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.15.6 advisory.\n\n - The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking\n vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on\n a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value\n remains the same starting from boot time, and can be inferred by an attacker. This affects\n net/core/flow_dissector.c and related code. (CVE-2019-18282)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-\n byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range\n reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when\n passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to\n sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in\n crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4\n bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,\n leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of\n service. (CVE-2020-10769)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in\n XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can\n lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading\n to a denial of service. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14385)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).\n Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in\n unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.\n Note: Applies to client and server deployment of Java. This vulnerability can be exploited through\n sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying\n data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed\n Java applets, such as through a web service. (CVE-2020-14779)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server\n deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and\n sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2020-14781)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to\n client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2020-14782, CVE-2020-14797)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to\n a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of\n Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java\n applets. It can also be exploited by supplying data to APIs in the specified Component without using\n sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.\n (CVE-2020-14792)\n\n - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported\n versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a\n subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2020-14796)\n\n - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are\n affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability\n applies to Java deployments, typically in clients running sandboxed Java Web Start applications or\n sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in\n servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2020-14803)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB\n provides the ability to run arbitrary commands as root. (CVE-2020-15862)\n\n - The X.509 GeneralName type is a generic type for representing different types of names. One of those name\n types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different\n instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both\n GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a\n possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)\n Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in\n an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp\n authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an\n attacker can control both items being compared then that attacker could trigger a crash. For example if\n the attacker can trick a client or server into checking a malicious certificate against a malicious CRL\n then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a\n certificate. This checking happens prior to the signatures on the certificate and CRL being verified.\n OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements\n automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an\n unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of\n EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will\n accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.\n Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected\n 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered. (CVE-2020-24394)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was\n using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of\n bounds. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-25656)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-\n based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with\n a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to\n sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because\n of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words,\n the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system)\n functionality was found in the way user create and delete object using NFSv4.2 or newer if both\n simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to\n the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c,\n aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c. (CVE-2020-7053)\n\n - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG\n features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed,\n but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or\n tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-\n TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server\n environments that combine BIND servers with Active Directory domain controllers. The most likely outcome\n of a successful exploitation of the vulnerability is a crash of the named process. However, remote code\n execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11,\n and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition.\n Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions\n (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being\n called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to\n force an invalid signature, causing an assertion failure or possible validation. The highest threat to\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability\n applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and\n rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the\n specified Component. (CVE-2021-2161)\n\n - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java\n SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16;\n Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in\n unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded,\n Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments\n that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox\n for security. (CVE-2021-2163)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one\n request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\n - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->\n 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND\n 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the\n flaw described above, the named process will terminate due to a failed assertion check. The vulnerability\n affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other\n versions of BIND 9. (CVE-2021-25215)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be\n used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published\n prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to\n this issue. (CVE-2021-25329)\n\n - encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write\n access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character\n sequence. (CVE-2021-26937)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which\n allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single\n backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is\n exploitable by any local user who can execute the sudo command without authentication. Successful\n exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.15.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1675021c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sudo Heap-Based Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.15.6', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.15.6 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.15.6', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.15.6 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:12", "description": "The version of AHV installed on the remote host is prior to 20201105.1082. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.1082 advisory.\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.1082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-29573"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:ahv"], "id": "NUTANIX_NXSA-AHV-20201105_1082.NASL", "href": "https://www.tenable.com/plugins/nessus/164563", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164563);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2019-25013\",\n \"CVE-2020-10029\",\n \"CVE-2020-10543\",\n \"CVE-2020-10878\",\n \"CVE-2020-12723\",\n \"CVE-2020-29573\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.1082)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AHV host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AHV installed on the remote host is prior to 20201105.1082. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AHV-20201105.1082 advisory.\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-\n byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range\n reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when\n passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to\n sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular\n expression quantifiers have an integer overflow. (CVE-2020-10543)\n\n - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING\n situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction\n injection. (CVE-2020-10878)\n\n - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of\n recursive S_study_chunk calls. (CVE-2020-12723)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-\n based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with\n a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to\n sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because\n of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words,\n the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AHV-20201105.1082\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?375de781\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AHV software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10878\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:ahv\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/Node/Version\", \"Host/Nutanix/Data/Node/Type\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info(node:TRUE);\n\nvar constraints = [\n { 'fixed_version' : '20201105.1082', 'product' : 'AHV', 'fixed_display' : 'Upgrade the AHV install to 20201105.1082 or higher.' }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:31:19", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1376 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-27T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:1376)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15436", "CVE-2020-28374", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-1376.NASL", "href": "https://www.tenable.com/plugins/nessus/149028", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1376. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149028);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-15436\",\n \"CVE-2020-28374\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1376\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:1376)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1376 advisory.\n\n - kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)\n\n - kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1376\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15436\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 122, 125, 200, 250, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-15436', 'CVE-2020-28374', 'CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1376');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.72.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.72.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:28", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.(CVE-2021-25329)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.(CVE-2021-25122)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-1891)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9484", "CVE-2020-9494", "CVE-2021-25122", "CVE-2021-25329"], "modified": "2021-05-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1891.NASL", "href": "https://www.tenable.com/plugins/nessus/149632", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149632);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/20\");\n\n script_cve_id(\n \"CVE-2021-25122\",\n \"CVE-2021-25329\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-1891)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The fix for CVE-2020-9484 was incomplete. When using\n Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41,\n 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a\n configuration edge case that was highly unlikely to be\n used, the Tomcat instance was still vulnerable to\n CVE-2020-9494. Note that both the previously published\n prerequisites for CVE-2020-9484 and the previously\n published mitigations for CVE-2020-9484 also apply to\n this issue.(CVE-2021-25329)\n\n - When responding to new h2c connection requests, Apache\n Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41\n and 8.5.0 to 8.5.61 could duplicate request headers and\n a limited amount of request body from one request to\n another meaning user A and user B could both see the\n results of user A's request.(CVE-2021-25122)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1891\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5fda242a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-4.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-9.0.10-1.h13.eulerosv2r8\",\n \"tomcat-admin-webapps-9.0.10-1.h13.eulerosv2r8\",\n \"tomcat-el-3.0-api-9.0.10-1.h13.eulerosv2r8\",\n \"tomcat-jsp-2.3-api-9.0.10-1.h13.eulerosv2r8\",\n \"tomcat-lib-9.0.10-1.h13.eulerosv2r8\",\n \"tomcat-servlet-4.0-api-9.0.10-1.h13.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:05", "description": "The version of Tomcat installed on the remote host is prior to 10.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.0.2_security-10 advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-17T00:00:00", "type": "nessus", "title": "Apache Tomcat 10.0.0-M1 < 10.0.2 multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9484", "CVE-2020-9494", "CVE-2021-25122", "CVE-2021-25329"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_10_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/150856", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150856);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-9484\", \"CVE-2021-25122\", \"CVE-2021-25329\");\n script_xref(name:\"IAVA\", value:\"2020-A-0225-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0114-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Apache Tomcat 10.0.0-M1 < 10.0.2 multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 10.0.2. It is, therefore, affected by multiple\nvulnerabilities as referenced in the fixed_in_apache_tomcat_10.0.2_security-10 advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to\n 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the\n server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is\n configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)\n or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by FileStore to the file the attacker has\n control over; then, using a specifically crafted request, the attacker will be able to trigger remote code\n execution via deserialization of the file under their control. Note that all of conditions a) to d) must\n be true for the attack to succeed. (CVE-2020-9484)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be\n used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published\n prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to\n this issue. (CVE-2021-25329)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to\n 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one\n request to another meaning user A and user B could both see the results of user A's request.\n (CVE-2021-25122)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/6d66e99ef85da93e4d2c2a536ca51aa3418bfaf4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ed8976b\");\n # https://github.com/apache/tomcat/commit/dd757c0a893e2e35f8bc1385d6967221ae8b9b9b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7b0c6a5\");\n # https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2e22528\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 10.0.2 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-25122\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '10.0.2', min:'10.0.0-M1', severity:SECURITY_WARNING, granularity_regex: \"^10(\\.0)?$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:51", "description": "The version of Tomcat installed on the remote host is prior to 9.0.43. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\n - An information disclosure vulnerability exists when responding to new h2c connection requests, Apache Tomcat versions 9.0.0.M1 to 9.0.41 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. (CVE-2021-25122)\n\n - when using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\n - A remote code execution vulnerability via deserialization exists when using Apache Tomcat 9.0.0.M1 to 9.0.41 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-05T00:00:00", "type": "nessus", "title": "Apache Tomcat 9.0.0.M1 < 9.0.43 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9484", "CVE-2020-9494", "CVE-2021-25122", "CVE-2021-25329"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_9_0_43.NASL", "href": "https://www.tenable.com/plugins/nessus/147164", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147164);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-9484\", \"CVE-2021-25122\", \"CVE-2021-25329\");\n script_xref(name:\"IAVA\", value:\"2021-A-0114-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Apache Tomcat 9.0.0.M1 < 9.0.43 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 9.0.43. It is, therefore, affected by multiple\nvulnerabilities as referenced in the vendor advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to\n 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the\n server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is\n configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)\n or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by FileStore to the file the attacker has\n control over; then, using a specifically crafted request, the attacker will be able to trigger remote code\n execution via deserialization of the file under their control. Note that all of conditions a) to d) must\n be true for the attack to succeed. (CVE-2020-9484)\n\n - An information disclosure vulnerability exists when responding to new h2c connection requests, Apache Tomcat \n versions 9.0.0.M1 to 9.0.41 could duplicate request headers and a limited amount of request body from one request \n to another meaning user A and user B could both see the results of user A's request. (CVE-2021-25122)\n\n - when using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a \n configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to \n CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously \n published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\n - A remote code execution vulnerability via deserialization exists when using Apache Tomcat 9.0.0.M1 to 9.0.41 with a\n configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to \n CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published \n mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00b2f5b4\");\n # https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6d3f1a3\");\n # https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7051ce31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 9.0.43 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-25122\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(min:'9.0.0-M1', fixed: '9.0.43', severity:SECURITY_WARNING, granularity_regex: \"^9(\\.0)?$\");", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:10", "description": "The version of Tomcat installed on the remote host is prior to 8.5.63. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. (CVE-2021-25122)\n\n - When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "Apache Tomcat 8.5.0 < 8.5.63 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9484", "CVE-2020-9494", "CVE-2021-25122", "CVE-2021-25329"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_8_5_63.NASL", "href": "https://www.tenable.com/plugins/nessus/147019", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147019);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-9484\", \"CVE-2021-25122\", \"CVE-2021-25329\");\n script_xref(name:\"IAVA\", value:\"2021-A-0114-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Apache Tomcat 8.5.0 < 8.5.63 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Tomcat installed on the remote host is prior to 8.5.63. It is, therefore, affected by multiple\nvulnerabilities as referenced in the vendor advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to\n 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the\n server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is\n configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used)\n or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker\n knows the relative file path from the storage location used by FileStore to the file the attacker has\n control over; then, using a specifically crafted request, the attacker will be able to trigger remote code\n execution via deserialization of the file under their control. Note that all of conditions a) to d) must\n be true for the attack to succeed. (CVE-2020-9484)\n\n - When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 \n and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to \n another meaning user A and user B could both see the results of user A's request. (CVE-2021-25122)\n\n - When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a \n configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to \n CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously \n published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6278e74\");\n # https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0be223a3\");\n # https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.63\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15b6baad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Tomcat version 8.5.63 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-25122\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n exit(0);\n}\n\ninclude('tomcat_version.inc');\n\ntomcat_check_version(fixed: '8.5.63', min:'8.5.0', severity:SECURITY_WARNING, granularity_regex: \"^8(\\.5)?$\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:33:07", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9212 advisory.\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-04T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2021-9212)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29661", "CVE-2021-20265", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9212.NASL", "href": "https://www.tenable.com/plugins/nessus/149245", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9212.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149245);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-29661\",\n \"CVE-2021-20265\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2021-9212)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9212 advisory.\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9212.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-754.35.1.0.3.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9212');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-754.35.1.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-754.35.1.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-754.35.1.0.3.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.35.1.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.35.1.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.35.1.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.35.1.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.35.1.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.35.1.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-754.35.1.0.3.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.35.1.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.35.1.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-754.35.1.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.35.1.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.35.1.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.35.1.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:36:02", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1288 advisory.\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2021:1288)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29661", "CVE-2021-20265", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_els:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-1288.NASL", "href": "https://www.tenable.com/plugins/nessus/157845", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1288. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157845);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-29661\",\n \"CVE-2021-20265\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1288\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2021:1288)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1288 advisory.\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n - kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1908827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(122, 125, 200, 250, 400, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-29661', 'CVE-2021-20265', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1288');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/6/6Client/i386/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/os',\n 'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/os',\n 'content/dist/rhel/client/6/6Client/i386/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/os',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/os',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/os',\n 'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/os',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/optional/debug',\n 'content/dist/rhel/server/6/6Server/i386/optional/os',\n 'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/os',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/os',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/os',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/os',\n 'content/els/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/os',\n 'content/els/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/os',\n 'content/els/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/debug',\n 'content/fastrack/rhel/client/6/i386/optional/debug',\n 'content/fastrack/rhel/client/6/i386/optional/os',\n 'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/os',\n 'content/fastrack/rhel/client/6/i386/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/os',\n 'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/os',\n 'content/fastrack/rhel/client/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/os',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/os',\n 'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/os',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/optional/debug',\n 'content/fastrack/rhel/server/6/i386/optional/os',\n 'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/server/6/x86_64/hpn/os',\n 'content/fastrack/rhel/server/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/optional/debug',\n 'content/fastrack/rhel/server/6/x86_64/optional/os',\n 'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/os',\n 'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/os',\n 'content/fastrack/rhel/system-z/6/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/os',\n 'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/os',\n 'content/fastrack/rhel/workstation/6/i386/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-2.6.32-754.39.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-2.6.32-754.39.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-2.6.32-754.39.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.39.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-2.6.32-754.39.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.39.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-2.6.32-754.39.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.39.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-2.6.32-754.39.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-firmware-2.6.32-754.39.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-2.6.32-754.39.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-2.6.32-754.39.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.39.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.39.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.39.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.39.1.el6', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.39.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:41:04", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. (CVE-2018-19824)\n\n - An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. (CVE-2019-15214)\n\n - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid- axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid- tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. (CVE-2019-5108)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171 (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19824", "CVE-2019-15214", "CVE-2019-15927", "CVE-2019-19532", "CVE-2019-5108", "CVE-2020-0427", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-29661", "CVE-2021-20265", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3347"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:bpftool", "p-cpe:/a:zte:cgsl_core:kernel", "p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_core:kernel-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debug-devel", "p-cpe:/a:zte:cgsl_core:kernel-debug-modules", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_core:kernel-devel", "p-cpe:/a:zte:cgsl_core:kernel-headers", "p-cpe:/a:zte:cgsl_core:kernel-modules", "p-cpe:/a:zte:cgsl_core:kernel-tools", "p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_core:perf", "p-cpe:/a:zte:cgsl_core:perf-debuginfo", "p-cpe:/a:zte:cgsl_core:python-perf", "p-cpe:/a:zte:cgsl_core:python-perf-debuginfo", "p-cpe:/a:zte:cgsl_main:bpftool", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/160788", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0026. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160788);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-19824\",\n \"CVE-2019-5108\",\n \"CVE-2019-15214\",\n \"CVE-2019-15927\",\n \"CVE-2019-19532\",\n \"CVE-2020-0427\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\",\n \"CVE-2021-3347\",\n \"CVE-2021-20265\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by\n supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in\n sound/usb/card.c. (CVE-2018-19824)\n\n - An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound\n subsystem because card disconnection causes certain data structures to be deleted too early. This is\n related to sound/core/init.c and sound/core/info.c. (CVE-2019-15214)\n\n - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function\n build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)\n\n - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a\n malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-\n axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,\n drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,\n drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-\n tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)\n\n - An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An\n attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations\n before the required authentication process has completed. This could lead to different denial-of-service\n scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already\n existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge\n Authentication and Association Request packets to trigger this vulnerability. (CVE-2019-5108)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.\n (CVE-2020-25211)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause\n the system to crash or cause a denial of service. The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system availability. (CVE-2020-25643)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may\n be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE\n tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from\n this vulnerability is to data confidentiality. (CVE-2020-25645)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux\n kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by\n exhausting available memory. The highest threat from this vulnerability is to system availability.\n (CVE-2021-20265)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0026\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2018-19824\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-15214\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-15927\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-5108\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-0427\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25643\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25645\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20265\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-3347\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-core-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite',\n 'python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.299.g2f8bf69.lite'\n ],\n 'CGSL MAIN 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d',\n 'python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.361.g4a41c0d'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-04T14:32:04", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1267 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-20T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:1267)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14351", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-1267.NASL", "href": "https://www.tenable.com/plugins/nessus/148851", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1267. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148851);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1267\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:1267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1267 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 125, 200, 250, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-14351', 'CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1267');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.84.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.84.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:17:34", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2164 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19532", "CVE-2020-12362", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2164.NASL", "href": "https://www.tenable.com/plugins/nessus/150117", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2164. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150117);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2019-19532\",\n \"CVE-2020-12362\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2164\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2164)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2164 advisory.\n\n - kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 190, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-19532', 'CVE-2020-12362', 'CVE-2020-25211', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2164');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.87.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.87.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-bootwrapper / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:12:55", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0348 advisory.\n\n - glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)\n\n - glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)\n\n - glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-03T00:00:00", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2021:0348)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25013", "CVE-2020-10029", "CVE-2020-29573"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:glibc", "p-cpe:/a:redhat:enterprise_linux:glibc-common", "p-cpe:/a:redhat:enterprise_linux:glibc-devel", "p-cpe:/a:redhat:enterprise_linux:glibc-headers", "p-cpe:/a:redhat:enterprise_linux:glibc-static", "p-cpe:/a:redhat:enterprise_linux:glibc-utils", "p-cpe:/a:redhat:enterprise_linux:nscd"], "id": "REDHAT-RHSA-2021-0348.NASL", "href": "https://www.tenable.com/plugins/nessus/146081", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0348. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146081);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2019-25013\", \"CVE-2020-10029\", \"CVE-2020-29573\");\n script_xref(name:\"RHSA\", value:\"2021:0348\");\n\n script_name(english:\"RHEL 7 : glibc (RHSA-2021:0348)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0348 advisory.\n\n - glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding\n (CVE-2019-25013)\n\n - glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)\n\n - glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long\n double with a non-canonical bit pattern (CVE-2020-29573)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1810670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1905213\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1912960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25013\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29573\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 121);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nscd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'glibc-2.17-322.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-322.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-322.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-322.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-322.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.17-322.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-322.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-322.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-322.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-322.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.17-322.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-322.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-322.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-322.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-322.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-322.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-322.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-322.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-322.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:19", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0348 advisory.\n\n - glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)\n\n - glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)\n\n - glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-03T00:00:00", "type": "nessus", "title": "CentOS 7 : glibc (CESA-2021:0348)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25013", "CVE-2020-10029", "CVE-2020-29573"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:glibc", "p-cpe:/a:centos:centos:glibc-common", "p-cpe:/a:centos:centos:glibc-devel", "p-cpe:/a:centos:centos:glibc-headers", "p-cpe:/a:centos:centos:glibc-static", "p-cpe:/a:centos:centos:glibc-utils", "p-cpe:/a:centos:centos:nscd", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-0348.NASL", "href": "https://www.tenable.com/plugins/nessus/146097", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0348 and\n# CentOS Errata and Security Advisory 2021:0348 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146097);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2019-25013\", \"CVE-2020-10029\", \"CVE-2020-29573\");\n script_xref(name:\"RHSA\", value:\"2021:0348\");\n\n script_name(english:\"CentOS 7 : glibc (CESA-2021:0348)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:0348 advisory.\n\n - glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding\n (CVE-2019-25013)\n\n - glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)\n\n - glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long\n double with a non-canonical bit pattern (CVE-2020-29573)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-February/048257.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e1118f5e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25013\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29573\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(119, 121);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nscd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'glibc-2.17-322.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-2.17-322.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-common-2.17-322.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.17-322.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-devel-2.17-322.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-headers-2.17-322.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.17-322.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-static-2.17-322.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'glibc-utils-2.17-322.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nscd-2.17-322.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:20", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0348 advisory.\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2021-0348)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25013", "CVE-2020-10029", "CVE-2020-29573"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:nscd"], "id": "ORACLELINUX_ELSA-2021-0348.NASL", "href": "https://www.tenable.com/plugins/nessus/146101", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0348.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146101);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2019-25013\", \"CVE-2020-10029\", \"CVE-2020-29573\");\n\n script_name(english:\"Oracle Linux 7 : glibc (ELSA-2021-0348)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0348 advisory.\n\n - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range\n reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when\n passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to\n sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)\n\n - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-\n based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with\n a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to\n sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because\n of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words,\n the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.\n (CVE-2020-29573)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-\n byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0348.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25013\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29573\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nscd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'glibc-2.17-322.0.1.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'glibc-2.17-322.0.1.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'glibc-common-2.17-322.0.1.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'glibc-devel-2.17-322.0.1.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'glibc-devel-2.17-322.0.1.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'glibc-headers-2.17-322.0.1.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'glibc-static-2.17-322.0.1.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'glibc-static-2.17-322.0.1.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'glibc-utils-2.17-322.0.1.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'nscd-2.17-322.0.1.el7_9', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:02:03", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:0348-1 advisory.\n\n - glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)\n\n - glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)\n\n - glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-02T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x i686/x86_64 (2021:0348)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25013", "CVE-2020-10029", "CVE-2020-29573"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:glibc", "p-cpe:/a:fermilab:scientific_linux:glibc-common", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo", "p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common", "p-cpe:/a:fermilab:scientific_linux:glibc-devel", "p-cpe:/a:fermilab:scientific_linux:glibc-headers", "p-cpe:/a:fermilab:scientific_linux:glibc-static", "p-cpe:/a:fermilab:scientific_linux:glibc-utils", "p-cpe:/a:fermilab:scientific_linux:nscd"], "id": "SL_20210202_GLIBC_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/146062", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146062);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2019-25013\", \"CVE-2020-10029\", \"CVE-2020-29573\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:0348\");\n\n script_name(english:\"Scientific Linux Security Update : glibc on SL7.x i686/x86_64 (2021:0348)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:0348-1 advisory.\n\n - glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding\n (CVE-2019-25013)\n\n - glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)\n\n - glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long\n double with a non-canonical bit pattern (CVE-2020-29573)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20210348-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25013\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29573\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:glibc-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nscd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'glibc-2.17-322.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'glibc-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'glibc-common-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'glibc-debuginfo-2.17-322.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'glibc-debuginfo-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'glibc-debuginfo-common-2.17-322.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'glibc-debuginfo-common-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'glibc-devel-2.17-322.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'glibc-devel-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'glibc-headers-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'glibc-static-2.17-322.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'glibc-static-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'glibc-utils-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'nscd-2.17-322.el7_9', 'cpu':'x86_64', 'release':'SL7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:55:04", "description": "This update for tomcat fixes the following issues :\n\nCVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912) CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-04-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tomcat (openSUSE-2021-496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9484", "CVE-2021-25122", "CVE-2021-25329"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tomcat", "p-cpe:/a:novell:opensuse:tomcat-admin-webapps", "p-cpe:/a:novell:opensuse:tomcat-docs-webapp", "p-cpe:/a:novell:opensuse:tomcat-el-3_0-api", "p-cpe:/a:novell:opensuse:tomcat-embed", "p-cpe:/a:novell:opensuse:tomcat-javadoc", "p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api", "p-cpe:/a:novell:opensuse:tomcat-jsvc", "p-cpe:/a:novell:opensuse:tomcat-lib", "p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api", "p-cpe:/a:novell:opensuse:tomcat-webapps", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-496.NASL", "href": "https://www.tenable.com/plugins/nessus/148309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-496.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148309);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-9484\", \"CVE-2021-25122\", \"CVE-2021-25329\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"openSUSE Security Update : tomcat (openSUSE-2021-496)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for tomcat fixes the following issues :\n\nCVE-2021-25122: Apache Tomcat h2c request mix-up (bsc#1182912)\nCVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182912\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-el-3_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-embed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsp-2_3-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-servlet-4_0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-admin-webapps-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-docs-webapp-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-el-3_0-api-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-embed-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-javadoc-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-jsp-2_3-api-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-jsvc-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-lib-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-servlet-4_0-api-9.0.36-lp152.2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"tomcat-webapps-9.0.36-lp152.2.22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:29", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0774 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2021:0774)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2021-0774.NASL", "href": "https://www.tenable.com/plugins/nessus/147212", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0774. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147212);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0774\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2021:0774)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0774 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(99, 119, 244, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0444', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0774');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-193.46.1.rt13.96.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:14:27", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0765 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2021:0765)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0444", "CVE-2020-14351", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-29661"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2021-0765.NASL", "href": "https://www.tenable.com/plugins/nessus/147207", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0765. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147207);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-14351\",\n \"CVE-2020-25211\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0765\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:0765)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0765 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n (CVE-2020-25211)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(99, 119, 244, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0444', 'CVE-2020-14351', 'CVE-2020-25211', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0765');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-193.46.1.el8_2', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-193.46.1.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:17", "description": "The version of tomcat7 installed on the remote host is prior to 7.0.108-1.40. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1493 advisory.\n\n - When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=null (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. (CVE-2020-9484)\n\n - Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. (CVE-2020-9494)\n\n - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. (CVE-2021-25329)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0)

Description

Related