The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)
python: XML External Entity in XML processing plistlib module (CVE-2022-48565)
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) (CVE-2017-1000158)
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer- Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free’s->Thread2-Re-uses-Free’d Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. (CVE-2018-1000030)
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. (CVE-2019-9674)
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. (CVE-2020-10735)
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. (CVE-2020-27619)
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. (CVE-2021-23336)
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states Warning: http.server is not recommended for production. It only implements basic security checks. (CVE-2021-28861)
There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. (CVE-2021-3426)
There’s a flaw in urllib’s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
(CVE-2021-3733)
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. (CVE-2021-3737)
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. (CVE-2021-4189)
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘\r’ and ‘\n’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname.
For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. (CVE-2022-45061)
A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560)
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. (CVE-2022-48564)
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. (CVE-2022-48566)
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. (CVE-2023-27043)
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger RecursionError: maximum recursion depth exceeded while calling a Python object via a crafted argument.
This argument is plausibly an untrusted value from an application’s input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor’s perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded;
they were exceeded by the example demonstration code. (CVE-2023-36632)
An issue was found in the CPython zipfile
module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. (CVE-2024-0450)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory python. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(196743);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2017-1000158",
"CVE-2018-1000030",
"CVE-2019-9674",
"CVE-2020-10735",
"CVE-2020-27619",
"CVE-2021-3177",
"CVE-2021-3426",
"CVE-2021-3733",
"CVE-2021-3737",
"CVE-2021-4189",
"CVE-2021-23336",
"CVE-2021-28861",
"CVE-2022-0391",
"CVE-2022-45061",
"CVE-2022-48560",
"CVE-2022-48564",
"CVE-2022-48565",
"CVE-2022-48566",
"CVE-2023-27043",
"CVE-2023-36632",
"CVE-2024-0450"
);
script_name(english:"RHEL 7 : python (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)
- python: XML External Entity in XML processing plistlib module (CVE-2022-48565)
- CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape
function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code
execution) (CVE-2017-1000158)
- Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions
prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable
however this has not been confirmed. The vulnerability lies when multiply threads are handling large
amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-
Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without
knowing how much to write. So when a large amount of data is being processed, it is very easy to cause
memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free,
Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a
security vulnerability due to the fact that the attacker must be able to run code, however in some
situations, such as function as a service, this vulnerability can potentially be used by an attacker to
violate a trust boundary, as such the DWF feels this issue deserves a CVE. (CVE-2018-1000030)
- Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource
consumption) via a ZIP bomb. (CVE-2019-9674)
- A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when
using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for
1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not
affected). The highest threat from this vulnerability is to system availability. (CVE-2020-10735)
- In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content
retrieved via HTTP. (CVE-2020-27619)
- The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before
3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and
urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query
parameters using a semicolon (;), they can cause a difference in the interpretation of the request between
the proxy (running with default configuration) and the server. This can result in malicious requests being
cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and
therefore would not include it in a cache key of an unkeyed parameter. (CVE-2021-23336)
- Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection
against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is
disputed by a third party because the http.server.html documentation page states Warning: http.server is
not recommended for production. It only implements basic security checks. (CVE-2021-28861)
- There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince
another local or adjacent user to start a pydoc server could access the server and use it to disclose
sensitive information belonging to the other user that they would not normally be able to access. The
highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9,
Python versions before 3.9.3 and Python versions before 3.10.0a7. (CVE-2021-3426)
- There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP
server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of
Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the
server to the client. The greatest threat that this flaw poses is to application availability.
(CVE-2021-3733)
- A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may
allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop,
consuming CPU time. The highest threat from this vulnerability is to system availability. (CVE-2021-3737)
- A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV
(passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This
flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back
to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which
otherwise would not have been possible. (CVE-2021-4189)
- A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform
Resource Locator (URL) strings into components. The issue involves how the urlparse method does not
sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to
input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1,
3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)
- An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path
when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name
being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by
remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger
excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname.
For example, the attack payload could be placed in the Location header of an HTTP response with status
code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. (CVE-2022-45061)
- A use-after-free exists in Python through 3.9 via heappushpop in heapq. (CVE-2022-48560)
- read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM
exhaustion when processing malformed Apple Property List files in binary format. (CVE-2022-48564)
- An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating
optimisations were possible in the accumulator variable in hmac.compare_digest. (CVE-2022-48566)
- The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special
character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some
applications, an attacker can bypass a protection mechanism in which application access is granted only
after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be
used for signup). This occurs in email/_parseaddr.py in recent versions of Python. (CVE-2023-27043)
- The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger
RecursionError: maximum recursion depth exceeded while calling a Python object via a crafted argument.
This argument is plausibly an untrusted value from an application's input data that was supposed to
contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the
documentation of the Python email package. Applications should instead use the email.parser.BytesParser or
email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a
bug. The email package is intended to have size limits and to throw an exception when limits are exceeded;
they were exceeded by the example demonstration code. (CVE-2023-36632)
- An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and
3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the zip
format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile
module reject zip archives which overlap entries in the archive. (CVE-2024-0450)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3177");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-48565");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python36");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'python', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'python', 'cves':['CVE-2017-1000158', 'CVE-2018-1000030', 'CVE-2019-9674', 'CVE-2020-10735', 'CVE-2020-27619', 'CVE-2021-3733', 'CVE-2021-4189', 'CVE-2021-23336', 'CVE-2022-0391', 'CVE-2022-45061', 'CVE-2022-48560', 'CVE-2022-48565', 'CVE-2022-48566', 'CVE-2023-27043', 'CVE-2023-36632', 'CVE-2024-0450']},
{'reference':'python3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'python3', 'cves':['CVE-2019-9674', 'CVE-2020-10735', 'CVE-2020-27619', 'CVE-2021-3177', 'CVE-2021-3426', 'CVE-2021-3733', 'CVE-2021-3737', 'CVE-2021-4189', 'CVE-2021-23336', 'CVE-2021-28861', 'CVE-2022-0391', 'CVE-2022-45061', 'CVE-2022-48560', 'CVE-2022-48564', 'CVE-2022-48565', 'CVE-2022-48566', 'CVE-2023-27043', 'CVE-2023-36632', 'CVE-2024-0450']}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python / python3');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
redhat | enterprise_linux | python3 | p-cpe:/a:redhat:enterprise_linux:python3 |
redhat | enterprise_linux | python36 | p-cpe:/a:redhat:enterprise_linux:python36 |
redhat | enterprise_linux | python2 | p-cpe:/a:redhat:enterprise_linux:python2 |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | python | p-cpe:/a:redhat:enterprise_linux:python |
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48560
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48564
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0450