Oracle Critical Patch Update - July 2016

2016-07-19T00:00:00

Description

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories. **Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.** This Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>. Please note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS). This Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.

{"id": "ORACLE:CPUJUL2016", "type": "oracle", "bulletinFamily": "software", "title": "Oracle Critical Patch Update - July 2016", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 276 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "published": "2016-07-19T00:00:00", "modified": "2016-10-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.oracle.com/security-alerts/cpujul2016.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2012-3137", "CVE-2012-3410", "CVE-2013-2064", "CVE-2013-2566", "CVE-2014-0224", "CVE-2014-3566", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2014-9708", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0228", "CVE-2015-0235", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-2721", "CVE-2015-2808", "CVE-2015-3183", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-3253", "CVE-2015-4000", "CVE-2015-5300", "CVE-2015-5600", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7501", "CVE-2015-7575", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-8104", "CVE-2015-8138", "CVE-2016-0635", "CVE-2016-0701", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-1938", "CVE-2016-1978", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2518", "CVE-2016-3081", "CVE-2016-3424", "CVE-2016-3432", "CVE-2016-3433", "CVE-2016-3440", "CVE-2016-3444", "CVE-2016-3445", "CVE-2016-3446", "CVE-2016-3448", "CVE-2016-3450", "CVE-2016-3451", "CVE-2016-3452", "CVE-2016-3453", "CVE-2016-3458", "CVE-2016-3459", "CVE-2016-3467", "CVE-2016-3468", "CVE-2016-3469", "CVE-2016-3470", "CVE-2016-3471", "CVE-2016-3472", "CVE-2016-3474", "CVE-2016-3475", "CVE-2016-3476", "CVE-2016-3477", "CVE-2016-3478", "CVE-2016-3479", "CVE-2016-3480", "CVE-2016-3481", "CVE-2016-3482", "CVE-2016-3483", "CVE-2016-3484", "CVE-2016-3485", "CVE-2016-3486", "CVE-2016-3487", "CVE-2016-3488", "CVE-2016-3489", "CVE-2016-3490", "CVE-2016-3491", "CVE-2016-3493", "CVE-2016-3494", "CVE-2016-3496", "CVE-2016-3497", "CVE-2016-3498", "CVE-2016-3499", "CVE-2016-3500", "CVE-2016-3501", "CVE-2016-3502", "CVE-2016-3503", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3507", "CVE-2016-3508", "CVE-2016-3509", "CVE-2016-3510", "CVE-2016-3511", "CVE-2016-3512", "CVE-2016-3513", "CVE-2016-3514", "CVE-2016-3515", "CVE-2016-3516", "CVE-2016-3517", "CVE-2016-3518", "CVE-2016-3519", "CVE-2016-3520", "CVE-2016-3521", "CVE-2016-3522", "CVE-2016-3523", "CVE-2016-3524", "CVE-2016-3525", "CVE-2016-3526", "CVE-2016-3527", "CVE-2016-3528", "CVE-2016-3529", "CVE-2016-3530", "CVE-2016-3531", "CVE-2016-3532", "CVE-2016-3533", "CVE-2016-3534", "CVE-2016-3535", "CVE-2016-3536", "CVE-2016-3537", "CVE-2016-3538", "CVE-2016-3539", "CVE-2016-3540", "CVE-2016-3541", "CVE-2016-3542", "CVE-2016-3543", "CVE-2016-3544", "CVE-2016-3545", "CVE-2016-3546", "CVE-2016-3547", "CVE-2016-3548", "CVE-2016-3549", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3553", "CVE-2016-3554", "CVE-2016-3555", "CVE-2016-3556", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-3559", "CVE-2016-3560", "CVE-2016-3561", "CVE-2016-3563", "CVE-2016-3564", "CVE-2016-3565", "CVE-2016-3566", "CVE-2016-3567", "CVE-2016-3568", "CVE-2016-3569", "CVE-2016-3570", "CVE-2016-3571", "CVE-2016-3572", "CVE-2016-3573", "CVE-2016-3574", "CVE-2016-3575", "CVE-2016-3576", "CVE-2016-3577", "CVE-2016-3578", "CVE-2016-3579", "CVE-2016-3580", "CVE-2016-3581", "CVE-2016-3582", "CVE-2016-3583", "CVE-2016-3584", "CVE-2016-3585", "CVE-2016-3586", "CVE-2016-3587", "CVE-2016-3588", "CVE-2016-3589", "CVE-2016-3590", "CVE-2016-3591", "CVE-2016-3592", "CVE-2016-3593", "CVE-2016-3594", "CVE-2016-3595", "CVE-2016-3596", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3607", "CVE-2016-3608", "CVE-2016-3609", "CVE-2016-3610", "CVE-2016-3611", "CVE-2016-3612", "CVE-2016-3613", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-4051", "CVE-2016-4052", "CVE-2016-4053", "CVE-2016-5019", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444", "CVE-2016-5445", "CVE-2016-5446", "CVE-2016-5447", "CVE-2016-5448", "CVE-2016-5449", "CVE-2016-5450", "CVE-2016-5451", "CVE-2016-5452", "CVE-2016-5453", "CVE-2016-5454", "CVE-2016-5455", "CVE-2016-5456", "CVE-2016-5457", "CVE-2016-5458", "CVE-2016-5459", "CVE-2016-5460", "CVE-2016-5461", "CVE-2016-5462", "CVE-2016-5463", "CVE-2016-5464", "CVE-2016-5465", "CVE-2016-5466", "CVE-2016-5467", "CVE-2016-5468", "CVE-2016-5469", "CVE-2016-5470", "CVE-2016-5471", "CVE-2016-5472", "CVE-2016-5473", "CVE-2016-5474", "CVE-2016-5475", "CVE-2016-5476", "CVE-2016-5477"], "immutableFields": [], "lastseen": "2021-10-22T15:44:27", "viewCount": 62, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["ITDS_ADVISORY2.ASC", "JAVA_APRIL2015_ADVISORY.ASC", "JAVA_FEB2015_ADVISORY.ASC", "JAVA_JAN2016_ADVISORY.ASC", "JAVA_JULY2015_ADVISORY.ASC", "JAVA_JULY2016_ADVISORY.ASC", "JAVA_OCT2014_ADVISORY.ASC", "NETTCP_ADVISORY.ASC", "NETTCP_ADVISORY2.ASC", "NTP_ADVISORY5.ASC", "NTP_ADVISORY6.ASC", "NTP_ADVISORY7.ASC", "OPENSSL_ADVISORY11.ASC", "OPENSSL_ADVISORY12.ASC", "OPENSSL_ADVISORY14.ASC", "OPENSSL_ADVISORY15.ASC", "OPENSSL_ADVISORY16.ASC", "OPENSSL_ADVISORY17.ASC", "OPENSSL_ADVISORY18.ASC", "OPENSSL_ADVISORY20.ASC", "OPENSSL_ADVISORY9.ASC", "RC4_ADVISORY.ASC", "SENDMAIL_ADVISORY2.ASC"]}, {"type": "altlinux", "idList": ["06B10784464339E3251E4C3544A48D19", "0D593A4CEE4789D30725F0EBFBB4EDDF", "5465F07D1A6D03822732077D9B208F0B", "6E8B796A6FEE95047EFD1F1579BB3755", "758E6D870DDEA68E74011E577E986457", "B7D1FE39355177AD5293458DFFC43DC1", "CA02D996C51FDE4696ED5DEAE9A556FD"]}, {"type": "amazon", "idList": ["ALAS-2014-349", "ALAS-2014-350", "ALAS-2014-351", "ALAS-2014-405", "ALAS-2014-426", "ALAS-2014-429", "ALAS-2014-452", "ALAS-2015-469", "ALAS-2015-471", "ALAS-2015-472", "ALAS-2015-473", "ALAS-2015-480", "ALAS-2015-493", "ALAS-2015-494", "ALAS-2015-550", "ALAS-2015-551", "ALAS-2015-564", "ALAS-2015-569", "ALAS-2015-570", "ALAS-2015-571", "ALAS-2015-578", "ALAS-2015-579", "ALAS-2015-586", "ALAS-2015-607", "ALAS-2015-608", "ALAS-2015-614", "ALAS-2015-618", "ALAS-2015-625", "ALAS-2016-643", "ALAS-2016-645", "ALAS-2016-647", "ALAS-2016-649", "ALAS-2016-651", "ALAS-2016-661", "ALAS-2016-682", "ALAS-2016-695", "ALAS-2016-701", "ALAS-2016-702", "ALAS-2016-708", "ALAS-2016-713", "ALAS-2016-723", "ALAS-2016-727", "ALAS-2016-729", "ALAS-2016-735", "ALAS-2016-737", "ALAS-2016-738", "ALAS-2016-748", "ALAS-2018-1009", "ALAS-2018-1016", "ALAS2-2018-1004", "ALAS2-2018-1009"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-2108"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-05-01", "ANDROID:2016-07-01", "ANDROID:2017-07-01", "ANDROID:2018-07-01"]}, {"type": "apple", "idList": ["APPLE:08DDC9EE4E7DEBCD387FA33304B8E244", "APPLE:87561C7576B031D8E8098D98D5BACF41", "APPLE:B767E2D26FA517686D44D7106CA489EB", "APPLE:E110ECBEC1B5F4EBE4C6799FF1A4F4E0", "APPLE:HT206167", "APPLE:HT206903", "APPLE:HT207268", "APPLE:HT209139"]}, {"type": "archlinux", "idList": ["ASA-201410-6", "ASA-201412-18", "ASA-201501-14", "ASA-201501-15", "ASA-201501-16", "ASA-201501-18", "ASA-201501-19", "ASA-201501-2", "ASA-201501-20", "ASA-201501-22", "ASA-201501-23", "ASA-201506-3", "ASA-201506-4", "ASA-201507-12", "ASA-201507-15", "ASA-201507-16", "ASA-201507-17", "ASA-201507-8", "ASA-201510-14", "ASA-201511-2", "ASA-201511-3", "ASA-201511-4", "ASA-201512-2", "ASA-201601-19", "ASA-201601-29", "ASA-201601-32", "ASA-201601-33", "ASA-201602-16", "ASA-201603-2", "ASA-201603-3", "ASA-201604-14", "ASA-201605-3", "ASA-201605-4", "ASA-201608-3", "ASA-201608-4", "ASA-201608-5", "ASA-201701-36", "ASA-201701-37", "ASA-201712-11", "ASA-201804-2", "ASA-201804-6"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONF-38295", "ATLASSIAN:CONF-43333", "ATLASSIAN:CONF-44226", "ATLASSIAN:CONFSERVER-38295", "ATLASSIAN:CONFSERVER-43333", "ATLASSIAN:CONFSERVER-44226", "ATLASSIAN:JRA-44296", "ATLASSIAN:JRA-62062", "ATLASSIAN:JRASERVER-44296", "ATLASSIAN:JRASERVER-62062", "CONFSERVER-38295", "CONFSERVER-43333", "CONFSERVER-44226", "JRASERVER-44296", "JRASERVER-62062"]}, {"type": "attackerkb", "idList": ["AKB:38474044-13DA-4165-A8D4-86867CA68D83", "AKB:70FA909E-B9D0-4B61-B54F-9639E5A20E3E"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "canvas", "idList": ["JBOSS6_JMXINVOKERSERVLET_DESERIALIZE", "STRUTS2_DMI_RCE", "WEBLOGIC_T3_DESERIALIZATION"]}, {"type": "centos", "idList": ["CESA-2014:0624", "CESA-2014:0625", "CESA-2014:0626", "CESA-2014:1436", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0066", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085", "CESA-2015:0090", "CESA-2015:0092", "CESA-2015:0800", "CESA-2015:1072", "CESA-2015:1115", "CESA-2015:1185", "CESA-2015:1197", "CESA-2015:1228", "CESA-2015:1229", "CESA-2015:1230", "CESA-2015:1526", "CESA-2015:1664", "CESA-2015:1667", "CESA-2015:1668", "CESA-2015:1930", "CESA-2015:1980", "CESA-2015:1981", "CESA-2015:2088", "CESA-2015:2521", "CESA-2015:2522", "CESA-2015:2552", "CESA-2015:2616", "CESA-2015:2617", "CESA-2015:2636", "CESA-2015:2671", "CESA-2016:0007", "CESA-2016:0008", "CESA-2016:0012", "CESA-2016:0049", "CESA-2016:0050", "CESA-2016:0053", "CESA-2016:0054", "CESA-2016:0063", "CESA-2016:0301", "CESA-2016:0302", "CESA-2016:0372", "CESA-2016:0466", "CESA-2016:0534", "CESA-2016:0591", "CESA-2016:0684", "CESA-2016:0685", "CESA-2016:0722", "CESA-2016:0996", "CESA-2016:1137", "CESA-2016:1138", "CESA-2016:1139", "CESA-2016:1140", "CESA-2016:1141", "CESA-2016:1458", "CESA-2016:1504", "CESA-2016:1573", "CESA-2016:1602", "CESA-2016:1776", "CESA-2016:2583", "CESA-2017:2486"]}, {"type": "cert", "idList": ["VU:243585", "VU:257823", "VU:577193", "VU:583776", "VU:718152", "VU:967332", "VU:978508"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2012-644", "CPAI-2014-1127", "CPAI-2014-1616", "CPAI-2014-1909", "CPAI-2015-0012", "CPAI-2015-0029", "CPAI-2015-0039", "CPAI-2015-0053", "CPAI-2015-0075", "CPAI-2015-0223", "CPAI-2015-0226", "CPAI-2015-0571", "CPAI-2015-0586", "CPAI-2015-0802", "CPAI-2015-0858", "CPAI-2015-0994", "CPAI-2015-1158", "CPAI-2015-1194", "CPAI-2015-1313", "CPAI-2016-0119", "CPAI-2016-0302", "CPAI-2016-0349", "CPAI-2016-1031", "CPAI-2017-1082", "CPAI-2018-0740"]}, {"type": "checkpoint_security", "idList": ["CPS:SK101186", "CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK104443", "CPS:SK105062", "CPS:SK109942"]}, {"type": "chrome", "idList": ["GCSA-4830242147321115275", "GCSA-6202249537217802204"]}, {"type": "cisa", "idList": ["CISA:931C4B65156698E92C5A183C30284F30", "CISA:C6FC512213BBB287A39B2B11F25268A6", "CISA:E8C8F007DF2A448F84459142FD8D46F7"]}, {"type": "cisco", "idList": ["CISCO-SA-20140605-OPENSSL", "CISCO-SA-20141015-POODLE", "CISCO-SA-20141211-CVE-2014-8730", "CISCO-SA-20150113-CVE-2015-0204", "CISCO-SA-20150128-GHOST", "CISCO-SA-20150310-SSL", "CISCO-SA-20150612-OPENSSL", "CISCO-SA-20150710-OPENSSL", "CISCO-SA-20151021-NTP", "CISCO-SA-20151204-OPENSSL", "CISCO-SA-20160127-NTPD", "CISCO-SA-20160129-OPENSSL", "CISCO-SA-20160302-OPENSSL", "CISCO-SA-20160428-NTPD", "CISCO-SA-20160504-OPENSSL", "CISCO-SA-20161123-NTPD"]}, {"type": "citrix", "idList": ["CTX140876", "CTX200238", "CTX200391", "CTX201114", "CTX212736", "CTX216642", "CTX220112", "CTX233832"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0B67E4FF46553AC705FD601C96C1A6B6", "CFOUNDRY:0BAC6640342E1B3D4E55BA7644915045", "CFOUNDRY:1E92DA1FCC786D8CF92EF17F4A659881", "CFOUNDRY:2612C84317452E216670EAF7C553C9D4", "CFOUNDRY:28883491CAD3C04ED61F2AE814DD1633", "CFOUNDRY:63DB340A742A21A8EFB20A9452A0EDD2", "CFOUNDRY:ACE3C7E4A01EEFAC1C8D47279076DC77", "CFOUNDRY:ECE571CA3959D17438D4F74EAB109B4B", "CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62", "CFOUNDRY:FD6E339752BA328AA16F0962172B55EF"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2012-3137", "CVE-2012-3410", "CVE-2013-2064", "CVE-2013-2566", "CVE-2014-0224", "CVE-2014-3566", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2014-8730", "CVE-2014-9708", "CVE-2015-0138", "CVE-2015-0159", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0228", "CVE-2015-0235", "CVE-2015-0533", "CVE-2015-0534", "CVE-2015-0535", "CVE-2015-1067", "CVE-2015-1637", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-2319", "CVE-2015-2721", "CVE-2015-2723", "CVE-2015-2774", "CVE-2015-2808", "CVE-2015-3183", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-3253", "CVE-2015-3569", "CVE-2015-3571", "CVE-2015-3572", "CVE-2015-3642", "CVE-2015-4000", "CVE-2015-4078", "CVE-2015-5300", "CVE-2015-5377", "CVE-2015-5537", "CVE-2015-5600", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7501", "CVE-2015-7575", "CVE-2015-7704", "CVE-2015-7979", "CVE-2015-8104", "CVE-2015-8138", "CVE-2016-0635", "CVE-2016-0701", "CVE-2016-0702", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1547", "CVE-2016-1548", "CVE-2016-1550", "CVE-2016-1938", "CVE-2016-1978", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-2518", "CVE-2016-2842", "CVE-2016-3081", "CVE-2016-3197", "CVE-2016-3424", "CVE-2016-3432", "CVE-2016-3433", "CVE-2016-3440", "CVE-2016-3444", "CVE-2016-3445", "CVE-2016-3446", "CVE-2016-3448", "CVE-2016-3450", "CVE-2016-3451", "CVE-2016-3452", "CVE-2016-3453", "CVE-2016-3458", "CVE-2016-3459", "CVE-2016-3467", "CVE-2016-3468", "CVE-2016-3469", "CVE-2016-3470", "CVE-2016-3471", "CVE-2016-3472", "CVE-2016-3474", "CVE-2016-3475", "CVE-2016-3476", "CVE-2016-3477", "CVE-2016-3478", "CVE-2016-3479", "CVE-2016-3480", "CVE-2016-3481", "CVE-2016-3482", "CVE-2016-3483", "CVE-2016-3484", "CVE-2016-3485", "CVE-2016-3486", "CVE-2016-3487", "CVE-2016-3488", "CVE-2016-3489", "CVE-2016-3490", "CVE-2016-3491", "CVE-2016-3493", "CVE-2016-3494", "CVE-2016-3496", "CVE-2016-3497", "CVE-2016-3498", "CVE-2016-3499", "CVE-2016-3500", "CVE-2016-3501", "CVE-2016-3502", "CVE-2016-3503", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3507", "CVE-2016-3508", "CVE-2016-3509", "CVE-2016-3510", "CVE-2016-3511", "CVE-2016-3512", "CVE-2016-3513", "CVE-2016-3514", "CVE-2016-3515", "CVE-2016-3516", "CVE-2016-3517", "CVE-2016-3518", "CVE-2016-3519", "CVE-2016-3520", "CVE-2016-3521", "CVE-2016-3522", "CVE-2016-3523", "CVE-2016-3524", "CVE-2016-3525", "CVE-2016-3526", "CVE-2016-3527", "CVE-2016-3528", "CVE-2016-3529", "CVE-2016-3530", "CVE-2016-3531", "CVE-2016-3532", "CVE-2016-3533", "CVE-2016-3534", "CVE-2016-3535", "CVE-2016-3536", "CVE-2016-3537", "CVE-2016-3538", "CVE-2016-3539", "CVE-2016-3540", "CVE-2016-3541", "CVE-2016-3542", "CVE-2016-3543", "CVE-2016-3544", "CVE-2016-3545", "CVE-2016-3546", "CVE-2016-3547", "CVE-2016-3548", "CVE-2016-3549", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3553", "CVE-2016-3554", "CVE-2016-3555", "CVE-2016-3556", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-3559", "CVE-2016-3560", "CVE-2016-3561", "CVE-2016-3563", "CVE-2016-3564", "CVE-2016-3565", "CVE-2016-3566", "CVE-2016-3567", "CVE-2016-3568", "CVE-2016-3569", "CVE-2016-3570", "CVE-2016-3571", "CVE-2016-3572", "CVE-2016-3573", "CVE-2016-3574", "CVE-2016-3575", "CVE-2016-3576", "CVE-2016-3577", "CVE-2016-3578", "CVE-2016-3579", "CVE-2016-3580", "CVE-2016-3581", "CVE-2016-3582", "CVE-2016-3583", "CVE-2016-3584", "CVE-2016-3585", "CVE-2016-3586", "CVE-2016-3587", "CVE-2016-3588", "CVE-2016-3589", "CVE-2016-3590", "CVE-2016-3591", "CVE-2016-3592", "CVE-2016-3593", "CVE-2016-3594", "CVE-2016-3595", "CVE-2016-3596", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3607", "CVE-2016-3608", "CVE-2016-3609", "CVE-2016-3610", "CVE-2016-3611", "CVE-2016-3612", "CVE-2016-3613", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-4051", "CVE-2016-4052", "CVE-2016-4053", "CVE-2016-4956", "CVE-2016-4957", "CVE-2016-5019", "CVE-2016-5408", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444", "CVE-2016-5445", "CVE-2016-5446", "CVE-2016-5447", "CVE-2016-5448", "CVE-2016-5449", "CVE-2016-5450", "CVE-2016-5451", "CVE-2016-5452", "CVE-2016-5453", "CVE-2016-5454", "CVE-2016-5455", "CVE-2016-5456", "CVE-2016-5457", "CVE-2016-5458", "CVE-2016-5459", "CVE-2016-5460", "CVE-2016-5461", "CVE-2016-5462", "CVE-2016-5463", "CVE-2016-5464", "CVE-2016-5465", "CVE-2016-5466", "CVE-2016-5467", "CVE-2016-5468", "CVE-2016-5469", "CVE-2016-5470", "CVE-2016-5471", "CVE-2016-5472", "CVE-2016-5473", "CVE-2016-5474", "CVE-2016-5475", "CVE-2016-5476", "CVE-2016-5477", "CVE-2016-5488", "CVE-2016-5604", "CVE-2016-7431", "CVE-2016-7575", "CVE-2016-8000", "CVE-2017-3732", "CVE-2017-3738", "CVE-2018-7184", "CVE-2021-4160"]}, {"type": "debian", "idList": ["DEBIAN:390904FFE148E120DF4B08FAFECE0584:DD9E5", "DEBIAN:9DE5BE8B4A3901853E275481E780A803:00C17", "DEBIAN:DLA-132-1:941A7", "DEBIAN:DLA-139-1:543FA", "DEBIAN:DLA-139-1:5734D", "DEBIAN:DLA-1500-1:E6BD7", "DEBIAN:DLA-157-1:370F5", "DEBIAN:DLA-247-1:99960", "DEBIAN:DLA-274-1:EF71E", "DEBIAN:DLA-282-1:F03D5", "DEBIAN:DLA-284-1:B7206", "DEBIAN:DLA-288-1:31147", "DEBIAN:DLA-288-1:36C61", "DEBIAN:DLA-288-2:68C70", "DEBIAN:DLA-288-2:B65D2", "DEBIAN:DLA-303-1:590A1", "DEBIAN:DLA-315-1:C6985", "DEBIAN:DLA-335-1:922EB", "DEBIAN:DLA-344-1:06D89", "DEBIAN:DLA-354-1:44D8A", "DEBIAN:DLA-358-1:3BE9B", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-410-1:EF000", "DEBIAN:DLA-421-1:B4088", "DEBIAN:DLA-427-1:5E878", "DEBIAN:DLA-456-1:BB65D", "DEBIAN:DLA-478-1:B8B63", "DEBIAN:DLA-479-1:373A9", "DEBIAN:DLA-480-1:4EC2A", "DEBIAN:DLA-507-1:8A944", "DEBIAN:DLA-556-1:54106", "DEBIAN:DLA-559-1:E64BA", "DEBIAN:DLA-567-2:D29AF", "DEBIAN:DLA-579-1:07997", "DEBIAN:DLA-579-1:0F380", "DEBIAN:DLA-81-1:C60A9", "DEBIAN:DSA-2686-1:EE02D", "DEBIAN:DSA-2950-1:15DF5", "DEBIAN:DSA-2950-2:DC295", "DEBIAN:DSA-3053-1:A743E", "DEBIAN:DSA-3125-1:14B8F", "DEBIAN:DSA-3125-1:8906F", "DEBIAN:DSA-3142-1:A3964", "DEBIAN:DSA-3144-1:1ABE5", "DEBIAN:DSA-3147-1:2E393", "DEBIAN:DSA-3253-1:0C444", "DEBIAN:DSA-3287-1:1A401", "DEBIAN:DSA-3300-1:1F74C", "DEBIAN:DSA-3316-1:0E231", "DEBIAN:DSA-3324-1:377E6", "DEBIAN:DSA-3325-1:A3689", "DEBIAN:DSA-3325-1:B1666", "DEBIAN:DSA-3325-2:8DA4D", "DEBIAN:DSA-3325-2:9B1A3", "DEBIAN:DSA-3336-1:73822", "DEBIAN:DSA-3336-1:F9DC2", "DEBIAN:DSA-3339-1:3BF63", "DEBIAN:DSA-3388-1:B971A", "DEBIAN:DSA-3393-1:1B40E", "DEBIAN:DSA-3406-1:46642", "DEBIAN:DSA-3410-1:624AB", "DEBIAN:DSA-3413-1:0CE34", "DEBIAN:DSA-3413-1:12F1F", "DEBIAN:DSA-3414-1:421D5", "DEBIAN:DSA-3426-1:7C23A", "DEBIAN:DSA-3426-1:AC984", "DEBIAN:DSA-3436-1:AA225", "DEBIAN:DSA-3436-1:E5B07", "DEBIAN:DSA-3437-1:2CB31", "DEBIAN:DSA-3437-1:59807", "DEBIAN:DSA-3454-1:3BA83", "DEBIAN:DSA-3457-1:35F23", "DEBIAN:DSA-3458-1:53966", "DEBIAN:DSA-3465-1:584E2", "DEBIAN:DSA-3489-1:1F09B", "DEBIAN:DSA-3489-1:3D620", "DEBIAN:DSA-3491-1:35440", "DEBIAN:DSA-3500-1:1A27F", "DEBIAN:DSA-3566-1:D74F5", "DEBIAN:DSA-3624-1:112F8", "DEBIAN:DSA-3624-1:EC39B", "DEBIAN:DSA-3625-1:AF539", "DEBIAN:DSA-3625-1:D5F66", "DEBIAN:DSA-3629-1:3CA50", "DEBIAN:DSA-3632-1:E9501", "DEBIAN:DSA-3632-1:F9C2A", "DEBIAN:DSA-3641-1:5EB84", "DEBIAN:DSA-3688-1:3F736", "DEBIAN:SSL-:00C17", "DEBIAN:SSL-:DD9E5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-3410", "DEBIANCVE:CVE-2013-2064", "DEBIANCVE:CVE-2014-0224", "DEBIANCVE:CVE-2014-3566", "DEBIANCVE:CVE-2014-3569", "DEBIANCVE:CVE-2014-3570", "DEBIANCVE:CVE-2014-3571", "DEBIANCVE:CVE-2014-3572", "DEBIANCVE:CVE-2014-8275", "DEBIANCVE:CVE-2015-0204", "DEBIANCVE:CVE-2015-0205", "DEBIANCVE:CVE-2015-0206", "DEBIANCVE:CVE-2015-0228", "DEBIANCVE:CVE-2015-0235", "DEBIANCVE:CVE-2015-1788", "DEBIANCVE:CVE-2015-1789", "DEBIANCVE:CVE-2015-1790", "DEBIANCVE:CVE-2015-1791", "DEBIANCVE:CVE-2015-1792", "DEBIANCVE:CVE-2015-1793", "DEBIANCVE:CVE-2015-2319", "DEBIANCVE:CVE-2015-2721", "DEBIANCVE:CVE-2015-2774", "DEBIANCVE:CVE-2015-2808", "DEBIANCVE:CVE-2015-3183", "DEBIANCVE:CVE-2015-3193", "DEBIANCVE:CVE-2015-3194", "DEBIANCVE:CVE-2015-3195", "DEBIANCVE:CVE-2015-3197", "DEBIANCVE:CVE-2015-3236", "DEBIANCVE:CVE-2015-3237", "DEBIANCVE:CVE-2015-3253", "DEBIANCVE:CVE-2015-4000", "DEBIANCVE:CVE-2015-5300", "DEBIANCVE:CVE-2015-5600", "DEBIANCVE:CVE-2015-7181", "DEBIANCVE:CVE-2015-7182", "DEBIANCVE:CVE-2015-7183", "DEBIANCVE:CVE-2015-7501", "DEBIANCVE:CVE-2015-7575", "DEBIANCVE:CVE-2015-7704", "DEBIANCVE:CVE-2015-7979", "DEBIANCVE:CVE-2015-8104", "DEBIANCVE:CVE-2015-8138", "DEBIANCVE:CVE-2016-0701", "DEBIANCVE:CVE-2016-0702", "DEBIANCVE:CVE-2016-0703", "DEBIANCVE:CVE-2016-0704", "DEBIANCVE:CVE-2016-0705", "DEBIANCVE:CVE-2016-0797", "DEBIANCVE:CVE-2016-0798", "DEBIANCVE:CVE-2016-0799", "DEBIANCVE:CVE-2016-0800", "DEBIANCVE:CVE-2016-1547", "DEBIANCVE:CVE-2016-1548", "DEBIANCVE:CVE-2016-1550", "DEBIANCVE:CVE-2016-1938", "DEBIANCVE:CVE-2016-1978", "DEBIANCVE:CVE-2016-2105", "DEBIANCVE:CVE-2016-2106", "DEBIANCVE:CVE-2016-2107", "DEBIANCVE:CVE-2016-2108", "DEBIANCVE:CVE-2016-2109", "DEBIANCVE:CVE-2016-2176", "DEBIANCVE:CVE-2016-2518", "DEBIANCVE:CVE-2016-2842", "DEBIANCVE:CVE-2016-3458", "DEBIANCVE:CVE-2016-3485", "DEBIANCVE:CVE-2016-3498", "DEBIANCVE:CVE-2016-3500", "DEBIANCVE:CVE-2016-3503", "DEBIANCVE:CVE-2016-3508", "DEBIANCVE:CVE-2016-3511", "DEBIANCVE:CVE-2016-3550", "DEBIANCVE:CVE-2016-3552", "DEBIANCVE:CVE-2016-3587", "DEBIANCVE:CVE-2016-3597", "DEBIANCVE:CVE-2016-3598", "DEBIANCVE:CVE-2016-3606", "DEBIANCVE:CVE-2016-3607", "DEBIANCVE:CVE-2016-3608", "DEBIANCVE:CVE-2016-3610", "DEBIANCVE:CVE-2016-3612", "DEBIANCVE:CVE-2016-4051", "DEBIANCVE:CVE-2016-4052", "DEBIANCVE:CVE-2016-4053", "DEBIANCVE:CVE-2016-4956", "DEBIANCVE:CVE-2016-4957", "DEBIANCVE:CVE-2016-5408", "DEBIANCVE:CVE-2016-5477", "DEBIANCVE:CVE-2016-7431", "DEBIANCVE:CVE-2017-3732", "DEBIANCVE:CVE-2017-3738", "DEBIANCVE:CVE-2018-7184", "DEBIANCVE:CVE-2021-4160"]}, {"type": "dsquare", "idList": ["E-633"]}, {"type": "exploitdb", "idList": ["EDB-ID:35951", "EDB-ID:36421", "EDB-ID:44041"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:3669856906D0EB94F0412638C1410833", "EXPLOITPACK:3677CEA2F5D55BD8516ACA2EC17EB7DE", "EXPLOITPACK:99988BAE0A27143CB886C29FF1A9E24F"]}, {"type": "f5", "idList": ["F5:K02201365", "F5:K04403302", "F5:K04734219", "F5:K05016441", "F5:K05046514", "F5:K07538415", "F5:K10065173", "F5:K10600056", "F5:K11100332", "F5:K11251130", "F5:K12824341", "F5:K13540723", "F5:K14638", "F5:K15325", "F5:K15702", "F5:K15882", "F5:K16013", "F5:K16057", "F5:K16120", "F5:K16123", "F5:K16124", "F5:K16126", "F5:K16135", "F5:K16136", "F5:K16139", "F5:K16674", "F5:K16864", "F5:K16898", "F5:K16903", "F5:K16913", "F5:K16914", "F5:K16915", "F5:K16937", "F5:K16938", "F5:K17113", "F5:K17232507", "F5:K17251", "F5:K17566", "F5:K17588029", "F5:K20804323", "F5:K22334603", "F5:K23196136", "F5:K23230229", "F5:K23453330", "F5:K25075696", "F5:K30184101", "F5:K30714460", "F5:K31026324", "F5:K31372672", "F5:K33209124", "F5:K34681653", "F5:K36488941", "F5:K37540306", "F5:K40444230", "F5:K40521234", "F5:K40524634", "F5:K42204713", "F5:K43205719", "F5:K44512851", "F5:K47145213", "F5:K49233165", "F5:K51920288", "F5:K52349521", "F5:K63675293", "F5:K64009378", "F5:K64505405", "F5:K71245322", "F5:K75152412", "F5:K79215841", "F5:K80996302", "F5:K86772626", "F5:K93122894", "F5:K93600123", "F5:K95463126", "SOL02201365", "SOL04403302", "SOL05016441", "SOL05046514", "SOL07538415", "SOL10600056", "SOL11100332", "SOL11251130", "SOL12824341", "SOL14638", "SOL15325", "SOL15702", "SOL15882", "SOL16013", "SOL16057", "SOL16120", "SOL16123", "SOL16124", "SOL16126", "SOL16135", "SOL16136", "SOL16139", "SOL16674", "SOL16864", "SOL16898", "SOL16903", "SOL16913", "SOL16914", "SOL16915", "SOL16937", "SOL16938", "SOL17113", "SOL17157", "SOL17232507", "SOL17251", "SOL17566", "SOL17588029", "SOL20804323", "SOL22334603", "SOL23196136", "SOL23230229", "SOL23453330", "SOL30714460", "SOL31026324", "SOL31372672", "SOL33209124", "SOL36488941", "SOL37540306", "SOL40444230", "SOL40521234", "SOL40524634", "SOL42204713", "SOL43205719", "SOL47145213", "SOL49233165", "SOL51920288", "SOL52349521", "SOL63675293", "SOL64009378", "SOL71245322", "SOL75152412", "SOL79215841", "SOL86772626", "SOL90542710", "SOL93122894", "SOL93600123", "SOL95463126"]}, {"type": "fedora", "idList": ["FEDORA:0247660876CD", "FEDORA:0309060CF36E", "FEDORA:0A3A560481D7", "FEDORA:0FE8860E4374", "FEDORA:13A9D6049716", "FEDORA:13B146087AAB", "FEDORA:13EED60DC938", "FEDORA:146EF61A1014", "FEDORA:1B5E26014558", "FEDORA:1BCBD6087EFA", "FEDORA:235CB60918EC", "FEDORA:27BE8609204C", "FEDORA:28ED3610D7CE", "FEDORA:2BE5D60BDFEF", "FEDORA:2C4EB601455B", "FEDORA:2C5E360874CA", "FEDORA:2DDF56087EFC", "FEDORA:2E88760877A1", "FEDORA:2F34C6133E02", "FEDORA:30C4560E4589", "FEDORA:30C4A60C450A", "FEDORA:33F3A604C871", "FEDORA:361B46048FC9", "FEDORA:3733C6079D2E", "FEDORA:3A6FF60779A2", "FEDORA:3AA44605DCD5", "FEDORA:3ED73605E19A", "FEDORA:4007460D633E", "FEDORA:40D44605DFE4", "FEDORA:4227660CA765", "FEDORA:4228960617E1", "FEDORA:4329260E587A", "FEDORA:43935602185E", "FEDORA:4413E6087D61", "FEDORA:4467B60E6CE0", "FEDORA:44719604F0C3", "FEDORA:45EA7605A34A", "FEDORA:4B961604A720", "FEDORA:4EF2660E458B", "FEDORA:50E7D60F2C0C", "FEDORA:5279262222BE", "FEDORA:52C43604E44B", "FEDORA:561B260CE121", "FEDORA:568C0605A286", "FEDORA:56D376268FDB", "FEDORA:581F9608B7DF", "FEDORA:58A826087D72", "FEDORA:58BAF60A0C7C", "FEDORA:5CE3E6118DC1", "FEDORA:5FDDD607973C", "FEDORA:6C28E6098B16", "FEDORA:6CE3D20E51", "FEDORA:6DCC66067328", "FEDORA:6EB0220FFA", "FEDORA:77D0F6087C08", "FEDORA:7B66961B84A2", "FEDORA:7B6DA60CB977", "FEDORA:821736164C16", "FEDORA:8830E6049DEB", "FEDORA:8A5146071240", "FEDORA:9242E60D30E0", "FEDORA:9278321934", "FEDORA:955A2608A1F0", "FEDORA:997B660D68A4", "FEDORA:9AEBD6087C55", "FEDORA:A3C8D604C8B1", "FEDORA:A69386143D9F", "FEDORA:A8CDA60E1392", "FEDORA:ABDD7608A209", "FEDORA:AC832604E903", "FEDORA:AFA96612EFCF", "FEDORA:B123D6237604", "FEDORA:B1D43608A1FC", "FEDORA:B51DC212EF", "FEDORA:B5B2D600DD01", "FEDORA:B758360EE970", "FEDORA:B936B608A494", "FEDORA:BF30B604EC08", "FEDORA:C277D20308", "FEDORA:C4392608A4B4", "FEDORA:C4B9C600DD15", "FEDORA:CA868607A1CD", "FEDORA:CE4F260CE12E", "FEDORA:CE95660677B3", "FEDORA:CF2EC6087E4E", "FEDORA:D0DE56087498", "FEDORA:D241A60EFAEF", "FEDORA:D331C6087C6A", "FEDORA:D5B9761C9D69", "FEDORA:D6F3461C2306", "FEDORA:DDD696087CE5", "FEDORA:DF12460167D9", "FEDORA:E2E6921BA7", "FEDORA:E328560486E4", "FEDORA:E523360D8734", "FEDORA:E67696087B8D", "FEDORA:EC00C6087D62", "FEDORA:EC81E60167DA", "FEDORA:ED7C56087EF2", "FEDORA:F09EC61BF6F0", "FEDORA:F38FB60CBEE0"]}, {"type": "fortinet", "idList": ["FG-IR-14-018", "FG-IR-14-031", "FG-IR-15-001", "FG-IR-15-007", "FG-IR-15-013", "FG-IR-15-014", "FG-IR-15-015", "FG-IR-15-023", "FG-IR-16-012", "FG-IR-16-026", "FG-IR-16-035"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF", "03175E62-5494-11E4-9CC1-BC5FF4FB5E7B", "03532A19-D68E-11E6-9171-14DAE9D210B8", "075952FE-267E-11E5-9D03-3C970E169BC2", "0765DE84-A6C1-11E4-A0C1-C485083CA99C", "0DAD9114-60CC-11E4-9E84-0022156E8794", "10F7BC76-0335-4A88-B391-0B05B3A8CE1C", "1AAAA5C6-804D-11EC-8BE6-D4C9EF517024", "215E740E-9C56-11E5-90E7-B499BAEBFEAF", "2438D4AF-1538-11E5-A106-3C970E169BC2", "29083F8E-2CA8-11E5-86FF-14DAE9D210B8", "2CABFBAB-8BFB-11E5-BD18-002590263BF5", "2EEBEBFF-CD3B-11E2-8F09-001B38C3836C", "3679FD10-C5D1-11E5-B85F-0018FE623F2B", "384FC0B2-0144-11E5-8FDA-002590263BF5", "3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "44D9DAEE-940C-4179-86BB-6E3FFD617869", "4AF92A40-DB33-11E6-AE1B-002590263BF5", "4C8D1D72-9B38-11E5-AECE-D050996490D0", "4E536C14-9791-11E4-977D-D050992ECDE8", "4EAE4F46-B5CE-11E5-8A2B-D050996490D0", "5237F5D7-C020-11E5-B397-D050996490D0", "5AC53801-EC2E-11E3-9CF3-3C970E169BC2", "5B74A5BC-348F-11E5-BA05-C80AA9043978", "67B3FEF2-2BEA-11E5-86FF-14DAE9D210B8", "6D33B3E5-EA03-11E5-85BE-14DAE9D210B8", "75091516-6F4B-4059-9884-6727023DC366", "76C7A0F5-5928-11E4-ADC7-001999F8D30B", "7B1A4A27-600A-11E6-A6C3-14DAE9D210B8", "8305E215-1080-11E5-8BA2-000C2980A9F3", "8C2B2F11-0EBE-11E6-B55E-B499BAEBFEAF", "9D04936C-75F1-4A2C-9ADE-4C1708BE5DF9", "9D15355B-CE7C-11E4-9DB0-D050992ECDE8", "9F7A0F39-DDC0-11E7-B5AF-A4BADB2F4699", "A12494C1-2AF4-11E5-86FF-14DAE9D210B8", "A8EC4DB7-A398-11E5-85E9-14DAE9D210B8", "B2487D9A-0C30-11E6-ACD0-D050996490D0", "C4A18A12-77FC-11E5-A687-206A8A720317", "CA5CB202-4F51-11E6-B2EC-B499BAEBFEAF", "E05BFC92-0763-11E6-94FA-002590263BF5", "F7A9E415-BDCA-11E4-970C-000C292EE6B8", "F9C388C5-A256-11E4-992A-7B2A515A1247"]}, {"type": "gentoo", "idList": ["GLSA-201210-05", "GLSA-201405-07", "GLSA-201406-19", "GLSA-201407-05", "GLSA-201411-10", "GLSA-201503-04", "GLSA-201503-11", "GLSA-201504-01", "GLSA-201506-02", "GLSA-201507-14", "GLSA-201507-15", "GLSA-201509-02", "GLSA-201512-04", "GLSA-201512-10", "GLSA-201601-05", "GLSA-201603-11", "GLSA-201603-15", "GLSA-201605-06", "GLSA-201606-11", "GLSA-201607-01", "GLSA-201607-15", "GLSA-201610-01", "GLSA-201610-02", "GLSA-201610-08", "GLSA-201612-16", "GLSA-201701-43", "GLSA-201701-46", "GLSA-201706-18", "GLSA-201801-15"]}, {"type": "github", "idList": ["GHSA-5GGR-MPGW-3MGX", "GHSA-7JW3-5Q4W-89QG", "GHSA-QG25-HGJV-CG9Q"]}, {"type": "githubexploit", "idList": ["328E8BFC-210D-5993-885E-7710FEE734CC"]}, {"type": "hackerone", "idList": ["H1:103991", "H1:113288", "H1:115748", "H1:119808", "H1:128169", "H1:134880", "H1:194761", "H1:197253", "H1:216271", "H1:288966", "H1:318594", "H1:50170", "H1:50885", "H1:648434", "H1:73241"]}, {"type": "hp", "idList": ["HP:C04451722", "HP:C04720842"]}, {"type": "httpd", "idList": ["HTTPD:60BF8A7CCF62E24F92B3DCCA0E53F1F8", "HTTPD:867B7FEBC94AAFD9542C6BE363C3D8A3", "HTTPD:E07AEA8765BD0F6E15AAD496A2714564"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140613-OPENSSL", "HUAWEI-SA-20141215-01-POODLE", "HUAWEI-SA-20150226-01-GLIBC", "HUAWEI-SA-20150919-01-OPENSSL", "HUAWEI-SA-20150919-01-RC4", "HUAWEI-SA-20160330-01-OPENSSL", "HUAWEI-SA-20160527-01-STRUTS2", "HUAWEI-SA-20160706-01-OPENSSL"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "0152A24867252D411C4140FCE0A92FD600DE3BFA39551FF64FE99835850EF5AB", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "03180DAB39E0A4D2F6A125A173EDF5A9BB41D6EC602F0BC77B45013371762493", "0327D6322E348CE4D393B14A7F3A3B993755DF0E1581BE7EA7B2EB1703C132DF", "03F6BE239E8BF6FDDA6BA3CD245A4F46A3FB8182F139BA77C08E9CD4C4A33FEE", "04538659F2D47E517CB506D258BBD837F111577F7C1EAE6B24A915799A34897D", "048AA308C625A32EC6DB549874FC81F6B800BA0EA59A9091A547DCEA6B0243B0", "055F14D4453D23442196CA3BC1C6E739FCA613AD1E84456CB7B5A48478285193", "061475F6E2C8D0A658F516F9A0D424318A271E2D29949317187FCBEFD3AB74A2", "065C6267E33F60E263D9B7F689F432B3413883F6EF7A0BE4EDF4BB598847FCFA", "06C07D32B3694B9428DF66A58E914A3888518AA422ACA9C0FBE65C7D07FCACCA", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "070B63F4B5AA1ABA57892C3A0B6D95304819C7596D50A577F6DDE75F604323E7", "071B3ECF88492CB6DA63393D64D3FB74AB0EB97331D3FB675F3ED64F4D1398E2", "072EBEFE4EF574F4A87AC95BEA1237C43CF6D39DDD94C6BD9B965A322BB8CD15", "0751573D2E98D41D9FD5C53D769B2CC3007CDAB9443F2AB513D613437AF611AC", "07A7B6460487838EA6D909CF7053D5F8655D2911E06DDDDB16F801ECCC972111", "0840225027FABDA459826FFEB2567F962694C590B4289850C4F762651A17B943", "098E1724D0D22BD8E0B54429E8D6B7A2A5B2B8403A792BB9788E96F4B4565340", "09B1CD3EDCD90FCD6DC97ABE199599811157B76EAA540A12E3455560901FCD6C", "09EFBF1EDC3D056A4C55B6D328B0019A52124F7A8C7DCA88E25031BCFD79F86E", "0A018131C7D1A39C9D2717C5F314BB8222C3AEF81C435194A7607FC0D35BC538", "0A94A36BE877692B2F0AB97F5081AA5C3010CDF94C05C7E8B0C0AC4E64BEBA67", "0AB5A9CCDFB8C604D4ADAAA64BE06DEC4E17E1D4FDDE56566BA83011AF4C59A2", "0B6B5447B33E56CF5B4322D00486B4377DC98D1379E334026C0032B8C80F0033", "0BFFC8DA3D20D61485D3B937CF8B08468DB94C6B523B29DE9871511B28C3EEAE", "0C850FECD02720FE8E127F730E7172757B14E40919BABE4F7D431689A5B199DB", "0CB790755A86B581A38C5E6BE6E3A26223CD5CF0D217D9AF43702EEF9E45DABD", "0CDFD8570C2BCFAEEA4CE83F890D6CA31BCAE04145F91E59910CA1669331D4EF", "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "0D459600B092B85E783E0A6371C3E1BFEDCD18BC648ACAA512F5FB9EF050A910", "0D7A334726D7F8214BDF965C6B0ED351221CB7A9A083042878EB2C3CB193A50A", "0DF9253AF727D8388F8FCD3B325345C60991967B703210EE89018A164DCFC156", "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "0E96665079E56894EA39AFB24283955B35E3838213DCD87205604F5B1858EEA7", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "10B412598BD1C6860D10A6B4E53FE9E13EEE886F46048363F6C6BBF249459DBE", "10D01D812FA46A22B4D9C913390B89D005A090D6D56BE96CC6191E4A5C237C1D", "11452E38010E945A0FE01EFC4554F3798D8F99A1582985B386C674085821DFEE", "116CC00D5265D0FFFA8CE1B360264EF9FF95784E6C2C3F0019DE1DB74C6E9A89", "11850D4935C59F6F9B6E5C5A80BAF8C5490B646F230553654E07EC29A53AE9E3", "11D2941D2C8C3F09B99B7AD0F337748E31169A5FE52F793E615EFEA790066C89", "124BC5B239FE67EC0AE43A8E0F0918B0BA544E977E72754946EBD146C916D64C", "12780044E1A62D25F913723FBCBD5B926E91CC9AC8CA8FAA1DCE18D02D152689", "12CC2B1AEAB57337E1D36E3D35D006E93F9D019551301EEB68A17B62851521CB", "12D9F191717460AECB934B007F4CDE9698A96A4B8B98144C3F39DD87E57929EA", "1346B5802E1B15CAF71A1410B1FADFC9B05CE9AA4894F4F90F987EB39E8CFC74", "1381DDC2EB11D20FD35FD5133E3BDD2833703D883F98CAA012F0CFBF823F4A6D", "13A0372B23AE8A4E68139CD880DEBEEBDC7987A59621CA5160456B358686AF73", "1415F7F81FABE5FE357FDDCFC4CCBA37DA38729E3CE569D09188222ED976317F", "1421474503A03C31EB50268E172E3CD3BC05947AEFD88084C756A171F6BA9781", "14ACAB8CA0189B997A86AF4FDEDE80610DE9EAB9AC94A882276C8C1D630E0243", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "159D15015A041EA5EFA6FE85663F44A48D3FD8F7BFC0631512B9DEB34EB3436A", "160974CCBC12FDC44262159FC9737359086DF0317D260FA132DE5D77C6CF279E", "1692E31DE06522D070CBA0925000A0E5B3919A4208A617D14999AB0FB764FF7E", "16B3DAA9311F18385C330EF6EE8F7F81F1E9F017180F2D1039DA4A521BCFE83E", "1736B585D80ED031E004E1AC38E590615C7E0F6FE6AB8A15B1B90CB8EC998277", "1815BD265DEB0EE550962E1526DA1FE75BACA3823A20A4BCDA8ED078F9EC9C8D", "18446F3D4547367B41578EB59FDF2A44E030BACDA28F49D9EEAAAAFDE99573DB", "184641991862DFB0F35C971BFCC1EB32CFDF27D59F9F654051C8A321ABA5D4EA", "186826DEC64CEF861CABB6400E9E91E4A3DA403061721894238F233211663F6F", "1881A1204BADBD9BD522A6CFF2A910C20362A745FD9338022BAA1FF39E57D778", "18D77DD2A4759D93A9472BD22A3514990EF37B289C3BEFF555D8AB6365CE5F43", "19014976708B59CA6D0D38BD53FC83A65A328CD06A0D3047C00AD7FB2745CD32", "19381B596DDAD25AEF97114618D93152FBDFB2C07A0F4F692E852D691167F676", "19836CFD4B17D54261C87EA5080CE00A6A0B8431CD9312140526446DBADCF9AE", "19FAFF710B3E3738F8567DADBCF7C6BE9748A2C12CD349CA0B858BA9A26AB606", "1A46129AC809B41F500970B41C9B22522A13E7E9D6A44839DC2EC0A7BF599993", "1A843547D5063F14046BF2E5CB1860630C9D296CA64E6F49114770A4500BF9B0", "1A977E1D46AE4CB4B7068DB341125931FAD75C28D6703503973FFF9BE917887F", "1AB6C87822449F337525790F64ED73FED1F21D5955D5FB57AD3579D521F600BC", "1B2A94FC385D7D94AFCB490D7B33A59B4FE30EFE9AC4369DE4AC8270E6507BA6", "1BF3F83E9C70EE854C61B8530F6C49C87B34D98B653CF9884D471690F1C364D6", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1C637E6084D0D71F962838FD3ABAE2EB0AD3F2EA6D45B6F434C07350A671EB47", "1CC7A3B18C6A6840C27A5AD471020D77EDB5E679DE0DE0349AD85905B0A529BC", "1E9B9D4DDB40D18727D4206F573E21C89F52C2E88F8950F063AC97CC123B82A3", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1EFCA96ED0F43F520BAAE2D9F621BE24624ABB18463E2EA095AD85756ECFD96B", "1F85DC40CCAC6193560C222233AFB88DDF301441A0F168CFDF21B3B88DF3BD1F", "2020ECD006208047A6BEA328FD4492CCBCE205CBA9B159EECFA5284D682EDB89", "21446E7BD60AF25A929641E2E18704321FB557C135FBBC6956A6264A3FCDF4B2", "21FB4E6484CD2C557315381AFCF80B167506D975B8CF95E078BEB82443AF7256", "222346B9710ED525F19CF0E5B8B42B38A67694F070D5F5B1E7D7F8C977993E4D", "2244436F502BD4ED1C081FDC68E7A71143D7F9B0E35067F1C1C77FB61470EC9B", "2287B7930359AFE1373993C3806D5B58E0203D7B34173EF0EFB1D583985E57C6", "235A36D9CC1BA1B9BEC5F6CAD35060A5EF1602254ADE78302EA78955288ACDFE", "2380AC5446A837687B94C80B43FDB2DEB52843ED074547C82BEAA12261E29C16", "23ABE24E8359DA211211D928CA035880A9B388325873C007BF19F1CB5F997D6A", "23E0854DA6601EECDAEE0594F591A86488CF01BE66C9986367D644B338C9D2A6", "23F4B88FE854F6472AF6E49BDCFC4F4C04A4941FED4D1CBE852D4468308A73E7", "2571018C4333BB3F6C19EC9F2B6BB5326A2BDD39E6D8AFC796E89DE41BBABC6B", "257FE3C03DF1EAAF4C91B06A98D64FF55D1CBD8F44963992BA87CE378431E9ED", "25D2B9C0FA0BC7D57BDB77AFAA062F9B600D1BCD47833017C2B0950C9718A7EF", "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "2650AFBF84F5A110BE543D866E405B2673736E39406B209BB493BC69B63C62F5", "2666C659D997588714E14C01634C94F0B9A9EF963A2F6BD072D0D717E4DAB9DA", "26A1F6A8D3BAC2EA4C4C84E5F0A1288EFAAAFAB5F04F6434CDD540E150458587", "2830C710B20404D6B16EF9CB8161B321F59F7341D8798630B8603B369CA4ED57", "286F906018056591F4A9027FC1AD845C489369D42499BEA30D89978EDA680EBE", "28B8DF9831CBE73F8343FFDD2D474F54B9183199B8325F3939FEFE6EFB27811F", "29036B6FEB00571E2FBC00E867150134E5DF9C08AD44F9670B7C8B0109F99570", "29687AF8C77B1B380581C7B76C863B078995151B56F0F908E108D3AB6EBE7340", "2A47C6B184BFB372CC546910FE342E2AFB808FD383AEFADD3CC13A1D3550C0D6", "2B1433F19093121457472DA5DF5E52AE542DBD8F435969C34F49B9AE9E8A2D1C", "2BB93AE1C7A3B73A6491F3A66D7F39AEF96849CFFB0026B650053C816A375F8C", "2D559605991F1CA79052D638B7A30228E86D07AFDF258611970D276D5AA39F4B", "2DD38E427DB50FDA5C4D07F52BDC62BA35206BA44BC185595E39ACAE88DD41C5", "2DF4487CB3C4D7660AFDC280F9C0E84F0C2D6C5F4A2207259A023074EA35AD70", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2E9D4568B743B9BD75F8462B4F4198F10C55ACF509C02151171249327D3AA277", "2F044E6D3403CF1CE244F404A02D2A1E0F016AD4BEEC5C72C153F07E02439876", "2F4353DF684AD6726CB9491220A703D4AD06D4406D7B35BEBCB2D4EE11863E10", "2F9EB7050356C406E631B5274AEC53CACCB554C8B5CBCF823A2680028726AAAC", "2FACB142191F430AA0E02427A99B713A65BBC1222912675BBD7E0214DE6B1E59", "2FE25685E021FF1A9C831364B6F5965095F1E1B81C165A2C647499A7FF03D904", "2FE4FAEC11A5A595193A03B9D60E81D9623A26BB5D27D6ACC64201D05E5AFAA9", "301B538BBFC46479C631567610002A3C90A71686F341C9C711106324BEB1487D", "308A05F5B1028A741D58EC30AC13C7A0A2B660380B87E8811177772F0014DA1B", "308E7990CF653F320A779F892C70403DC99B4531DCBA2478F2E961436956D465", "30CE29210480BEEC2EB282BC15979827A9D22FD02B9CEC9C7CA1BFF2E6B78BD1", "30F31D61B76815116E40D478A4FF3D7F4375DE5C3DE9AF0D9789BB84723A1B12", "3173436321C56EFE717CD3157343D8881EA1EE61D9FFA6FAA9912F1C744A3245", "3178FA6550D0CA5B7581AFF56C262B6690B66E92C74AD43816F432ADEEC8DBD8", "324C3A5C08D06378229F5834017A7D422F8EA19DC545B4ED1C4E4AB6290D022D", "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "3309187D4E18CA64FBA2802831081F87C606EFBA57F3B4C747B9B13ECD265CE1", "33596AE0FA9A021B9CBE43189EBF694196A79229432AAACF2EF64E319DC3AFBE", "33EAF4D2D1629463CA0D94D45BE0806D2DD557AF7064E0F83288B301688098DA", "33FDCFA5298EFD130804981B26E90E9A0EB95D5AF55B19E3B0A1A56C7DC9D188", "34AB6D6D15816E142F80D91517900A17DDA91DDBA48EE54CE98D3BB991F889F6", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "35E8926C22ED4C3243C1B5C02680DD61921D50FF6BE976433A3D51EB64E6BBB8", "363F1E6A6B5C2A70D13E0D8374B17FDF5930E05DCB5525830BB35B47CB16585E", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "366FA55EE0B09B40AABB041DB433F5E49FC0E42F7988440387EBE3EED9DBAE91", "370720DD138E7F0A22E9D2EC7B9B753467F08D4E08DA37215653D937EDB0E545", "376881B708EE709A23D7CF26BB3E3EFE99A529E7B07BD86A464ECD42C2CA569D", "37F40800D3418C50FFCD2A39357D854385B61852A824657B5C6B84F6EADDC390", "381ED3699651F44D736C9F0F7D611B0779505D220D566224222133A89182FBAF", "3899BD4528C3DED11372760AAF676C3C87D98D5142D95E7CEE23A06644E3B197", "38BC00D7FF3545C436AC4533805630DD0B45CDB4B97F36F6ADAE8817F3A655C7", "38CC3F0B1992B7F87CFBCAE3CC7B31F2966DC0FA035A5E4BF2B0AA5F15F1A057", "38CCAB39CAFB6C2CE3724A92B67DF0EB31883A90C9A3CCC11561802DAE51A944", "38D4C164BC68F821F7E28FD2AF5038B7CE130E3B984B1492E8B2B3C50DA33C34", "3918C76EC7F53EFDF9D130FFCD6246ECA57AF2056C25E6C5539574FCFF5D00AA", "39363AED3B9BDDB49D0C52F0CDFC81C967AD700C9C11C5FCBC2F96F1F4C99487", "394DCE048C80EA7FBC9729F2ABBD35934357251FFB3C2E744949621C8C8FA1BA", "3996F61A39895C8BF5DB89481CC4F649E2B90762965374C8A32E5395AE4CF526", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "39CAE5EE9A0F3DE219E28E6A3BE90E3B8E089FF2AA4C74E8BE3A4E2714716AC5", "39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211", "3B11861A1C6A1658F4CCA0857EFB445DDD388E749F390CC0A61C823304AEAB17", "3B89A4A548FBB52BBFB9DB182C4EE146D4A3117872EA7C10FB010AAD3109C9D8", "3B9F6F5E9D79A8020104EEF5D0CC94C720D4533CBD170B94B66F7CFE87D9D97F", "3BD9F59D430F0671826CE5A5D70AECE9FBADDF777CCC7279E1EE158F4CF755B9", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3C37A4D590FB68C9A8E04A39047280D96920D7DC8C3F53505F4CE6EE9ED89688", "3C630E87CC8A98E980FC5838CF94096C676B99FA65014F79A0F1057053EEB9E0", "3C86E9E9B80CE61FF34A70463FC2C9E86F96058B677B896D64601306CA1E6DE0", "3CF5B36481AB7E8BDD7E46F138D4A0F805DFBEBAB7935FE6D74F72C7767B9B16", "3CFF13ADA1D4912594BB3AC9D0D9ACB17881A208B1AD8998A1E8BD64DD6C5268", "3D12006C995C2C683E173419369377B400C7252133E8CFEEEC83E09104078893", "3D4CFBE81D9A6464F4AAC6F1D7E2E055CFF75F5E68D18F1B3154B9120325E8BD", "3D737E91C4B3785D05EA6B518DF81A98A3D897F7446C9E2969F3A9E22A7F3BF4", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3DF4EFFCBD4398CD9D2C6995C59DEC9020B7665B1A75D2B23F0CFA94C34BBB8A", "3DFE6203DB59955492FEFDC3D6D48EBB07936D0F880BA3893D07DEEAC6EC7CD2", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3E49CBEB811DC6FB2148BB6760DCF7F4195742A227E331F2B6FC77F6E3E6FB47", "3E8CBD7664E23468E3388AAA8D38722322E48FB06767224AD7578A77FEF26330", "3F0A86B9112F51C3B6A64183B5DCE227004E4FE8195B2CB6E060CDFA713A7026", "3F4AC905A4659886D4FC5BE38C6482D1DE3A6493436B82AA220F0C083EB26CCE", "3F517C6EB3F580D15A8688927C2FEDE369F340156A939E9A19A6F6469765380E", "3F80F1C5995CB0E287AB72B1E8BF8C924AB58095FF03363465C1CD78E76837BF", "3F999F2698196B709133A31BFC040FECB99D04939110D66AF4407381FB44FD43", "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "3FECBC639ADFEB79371F9900171834D9C0E821EFFB9AE772387931314E921F6F", "40489FD654D3490738C1405EBC8608A52B0A582682D7CE46247662E1E7EB57A4", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "412A23698346485ED0CCEA67B67B235B702886E4DF8B7C006C90674AF9BC802B", "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "4278728D85C79F2084FC36711DAAF10C86E475C8E6940F2111DD155F1C48C0FA", "42B553A5257DBCE0553E09359217D9B58850595C4F83DD12BEB3762A7D09FF2D", "42CD8D3219EBB2F9262228248E591AEF8A347AA1D644C8C78B1E5CF0F08F3525", "44581CEFAAC57F6BA083046E8D17AC3B05F7A3FDCFB70055DF3548236FC99CA6", "4522A227EB971BB2248AEAE79E5A7A218D021F04BBA4DD6C720792ADDF5F902C", "4532C7DA73DC2406AD4939A367B9E0C64E210793FA8F9E24679585A36617A133", "456C529F31DA6640A3957D0434060FC5A0B534D5248ACDC94996B73B3F544122", "45A3D9451D9A042B4B823F72CB8D2728FECCB3D99F3D358EB95D984F7675F955", "4600571F6CE1CC296F684423035AFED51CBAFA3DBC1C24C76426526C65C05901", "4658C62A77F48A34C93A36AA5082184E598712E676A47847A2174B2175EB4DBB", "46799FCDE18E3EFD375868A79B70BC4BEDEC133C2495D8AA8CF81D91E7DEF01A", "470FB53E20DCF01D3FF4FB7251C5868A5D215FF7480131C88B1F5C06E159D01A", "47EA320BD697B3B3A010CEFFA26D721AAEFB370CE3B13E7AFAD938F617DCA5F0", "4809400533FD6C30023AE955C69A543142E0C7DF76FF919FD4AE1E2A5EE20F64", "4829928E4C7715561CB19AF103394931A0114E34E269A614FDFFC77D2F61D9C7", "487207556251CCA623451C2FE13E1DD4515281029DDDF8F15B99A5BC31D2B720", "494FCFB7068CB9C9CEB3FE685DE60B86133F530BABAFDA1274F0A594D23B03AC", "4A325EAEADE0B2570B74B5CC599F3C1975F694E5A8FF485F9EF08D83AF509833", "4A79091D287A34BA15193EFEEBEE7A6FA4A057FC165C69F6432AF6A12275881A", "4A95B1896DEDD8AF3CE304090A4953DAFAA77A9A536EEFFDA7A7CFB186AB1198", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4BD0DFC4EA5C8F35DAE1CAB11062FBDF5B950423CAC42536F2727916ED8065D5", "4BFE30BDDE08FFC06253F80E424B5B9EC1414B2AB557CDFC42C49CE34AE44C33", "4C7ABD6184F07492CD3E68920C652DDC7C12A362007F11DC73BF8127F338162D", "4C800D760232A012AE25AED7F8AFCFF9E3EF3D9D48D3614E764CC6588F221519", "4C81DB2D277BBB0E77AD563F80391527A2F6332652C81AE9734B9DFA21A1B434", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "4CDD83266FF71A2D23AED46DC63B0A8C380FFEBAD67E6B7B0148CA59E8672206", "4D31930803D2C479476478125462D5DBFB1429D04F74E21FE79B6C97E7168687", "4D77034014EA28691F31F1A1AD3A78E0638E8CE056EBC57C6A804415C796E31B", "4E170B8FD5682769ED75972FAE0552F568BCBFC890B02D2B0B3E378720026C6B", "4E5AB790697553E0DD05AA9FB4B4B935D4F29DC9A935CD5E4CF4F19176B06997", "4E95B5EB959CBE5490B90287812FD445A690A3158E83D37882EADCE4A7BCD44F", "4EA215B3645DDAC4FD37F8734C45AA03E711B96215D9E5BD79734DA548CB9D4D", "4EF9332DC41BD9A19557ED28E080D548C37B2564308E9B4AFC6661AE1FF86428", "4EF982C974766057C7B93AEAB363E572E77E92BC1EDE757D6871ACBFAED6158D", "4F091727A4D56441A77F2619399BBF4B9AD8DA57A184A1C3CE7BAB8A507D6B5F", "5007847C128F9E3D31BFC95E261F4152F6B9DD1551B91A8CBFE6C1F12E8909A7", "502738BED676A72BA009ACC3FF8AE391A5C72BD07ACC6BCDD41E1CFA52F10F02", "503FD74F886DBC0A6A5895006871227440411D00C54D147CBFA7D89D5227DB58", "5049E0390F7FB17FC4FB6FCDA949E23241366872E7987B7D22194E73DA48367A", "50F17354A0A89B52C1E061D02F78509C6F34AF2860DC46D6DFC82469E2AB6C29", "517ED6B46A2D3B0E04DDB4B6B9CD4302B2390BD38C3C1127A87B5CADA67CA8DF", "523E603F9CB6DAA625DE97BC3524132F098EBC21A31108A9EFFCA3DA83C39A19", "5259AA5CACBCC342A208878B507D6FDE3F3A715EF67BB4F910C9ACC9CBBF706D", "5276D07236F09D5D4E1A38B4E304BC335E677F2639AAB1A09809E9794F9A17E1", "527B5E90CAB7DAC1C518A59BF77CDE34841C309262297FB18D36716B2A007A6D", "52BACDC88952FDDA0E2AD245BFF0C77AD954ADED8187759D72D88112EE7DF7F4", "5318057D0471B508E9FE524F8B5349EA7FCFE8601407991A6972E6752252FC79", "5329CD1C63D2F95E92A27532DD149EA30C54823558FD6ECF9F637F7793762B35", "537C6D5AB87E83C60FB14762388F0A746DFE1C4977ECE943492A36A3E17E504D", "53C5D0378DD2F23947F42E54846A8F839F777754BB281BB0CD45684E4D1828A0", "5455A5366A120EFE046B191CE85A7EAC26F1620B600AC84C31362DD48C43453F", "54B24FB930A5B52A3EE2BE0710A1197AA5E07DB7049A776A73BD917EC40981E0", "54C81579611ADF090D2AF0FE832F96B44E0B4A797097BA6456C22FC6756AE38A", "54D8CEDBAC6FD9B41208009218D5BB60370978EE37D8959B1153B08392F7339A", "55916A93299C26CEFD57EAC9B4B44B5429F1C0F2F4BD066FC478F53F694F6BE0", "561CEC1045BBBD68C46C295237A02CBBD538F6877212896605834C5043950E47", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "56571F8D8AC469663A4379BD08C051690C597896DF1DC536B036CD0426D8412D", "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "57D2B44B0BDBE18665618368148AA52E4651641C5FADC62DDCBB1A51F9CF8997", "58174A1A92DA00A6106D56A095BF5CB6B0FFA5F844A5A24527C861F67C0C9F69", "581C275093B683BB779DBFE1995D5CE6F40E4DDF3105B319DBB43DD3270F0131", "583218C6793673348464B4CA7ABCE493024F93CE8CBCA8C1FBCC2992D3BDC40A", "58E33C1549EB4DBC850E6823A153E89AA2B58543688B7109103E107A7E7D2EBE", "590F7AA732D08AE8302AF68434D55F5CCF9EF2B0DB532FDC7A2041F706C5FFFC", "591E98996DBAEC8DA2E30D3261AADF9BF750C358714362A5B9B9F30A1AC23AB8", "5926B06B5836107355202B59F17921C65906079055E12A028E4DD9F171FCF571", "599A8A2E36D1292ACD394C3442B78D3D323EE6686B7160B972508B995FF5C90E", "59D56E551F0858C15C0370A2B00AFEC30A4E07DDD4B419BAFCB87897BEF93C3D", "5A3DA932C26F9CF8D17B19C1875F653A0891006E087F0D4CB859C81D0D875725", "5A52E05798B8AB970AD9EC977030C97C931E6F10AE0FDD80F78789D15F3CC09A", "5B0D973A3FED1AF2D6DC61C906D27DFB052F1D42B4263EA8695D5ECC3E5F9F09", "5B1C8DFECC490501CCEC802D5035F91EA703BC6739953AA8A6A82F8771D1E1C2", "5B26FD90EB9E8DE2F0D408077305F80DFAAE07C63D10D4B5F66A6C16421AE7DF", "5B41DEBCF5F49169640E9C46254A5581FA9E8066E153CFC073F7BCB78C863D65", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5B9A50D9E3649F848A0A37452668DE4569DA15366553BACD2CF55D9BC49FB6EE", "5BA72E3DF4F52C4F4CAA4F86F92A38166E8CAFDAD00AD77270A13ABC5FC4541F", "5C152B4A839095A837C1241374AB44F70D93203A632EC12E321A761B67A29146", "5CAC33E06E2C656A8F0F2B3DD8616A6C1527F08B2D322F61DBC7614925A11B76", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "5D430929F71D32516C9EC6330184BE099F144C8F467067DB72767978303BB30E", "5DB2E519AF6A44986FAE300E5FDDBCEF984C505505D899E05EED5F1A41CC440A", "5E2DAB17CB1D8636F0B8C789C12BF0A656BE2CC73DB7C669A7B515704D6DB5C8", "5EB502607883E6A042D2D4DC60A0E2A2ACAB576C3EB0BB62E9770B79899F0725", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "5F468E7095FD7CDC6ACB31C903D40522F03AE2C875C15B90AB7E04C796279517", "5F5982BCDCCD1BEEE011D85865D8E1FA5890F598765753DCC1F84A5EE6600B63", "615BC7F4DA333436381CA36075C21AE3168D8916C6701C65D498F26F92A209DA", "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "628C9425E5431BE9014057AFDFA6432B71F3CD61D1B5A6D4BCC34623DE9C8567", "62B157899AFDFE3350565CDE520C60FAE6A0521AAFEE76BE82BBF76A02C1B3E6", "62DB70FCF6301104005FF9FB20C71886DC177ADAE354920858B0940C223989CD", "6366F9365DC3A4D56C669462E1CDF705517C5A22BD2429D5D47562A8B5941659", "637F608901EF8B9FD34455682320A8EBC1B665D4F6B5C7F53F3E57AE66C9AAAA", "63DAB7532D89108F5D2DC3FDE381EF3F537B4BD859941C18E4BAD485F5223BE3", "63F3E08E51FAEA55521F5ABD3CD04927C13CBB1DBA8387931598DC1D099B4DA0", "63FB87BD963C802AE05248A5B91A820121637B32C6439BE3685C2E1E04098097", "657606DB2CDDBBDF0E70FA07AB470C83F9CD3C70323D4ED1E7DB1979A6B5DDE6", "65DC12D6E8E0D53E6ED0AF1F356647C749F500509AAE6E4435FC95F00517F01C", "66015684C1166B9AFC7A09E01337D5D9FE20EF8B62A13053D95EA5EAE5B3DB9B", "66481A941DDCE6FDAA9A82898C1CC6CEA6E784E780138DBDD8B4B9BB6ADBA9F4", "6652670EF6E6EDBDD8B1BC971B1388AE4EAD3072A0556537B0DC7258BBDD9001", "6680272534C119E2F4255DAC0A5F66CF25F5D99D47E9760C164E835E0C60EF0F", "67094A2A1D56EF7AF18B0D1D8AC6F58CA7D894E158A2AB4C8C4B2E2328FEE85B", "67578E30259856437D267C1A3D6E2CF49BDE0DF9BE42CAA71809801A7935BE9A", "6771D22CBA4F411B776687E7E7DFC88A07A853D3773656BFD792DBCA38A8939C", "6808EC84BE4A9DD5A0B439C6FCE9D4EA1BDF91E3E0DEBF72E5BEFD925D973E99", "68965B30B36EADA4307038F4C06817684A78B4223983AC0AA179EC136618D394", "68E7DB3D7E398B2706226213F9B1A94ACD374A065EE9538BCE2CF140B065CB08", "691A7F683AC2496D21C51C44AD02D677C2E591E44FCEE5B5CB44D3527127C663", "69708648D7347A46AB7B2DD1702D4EBF5A57623CDB811A18663D65A9AB17A3C8", "69E648231E4EAEC238E7B890A4F1D9D216A2D891B07882A95FBBE3C79E1EEED3", "6A1B2B7D498455FED8A78848C883FAB22D8F5242925205A658F6AF4A8B0172FD", "6A2E92D36FABC1D54E354DFAE40C5959271B5DD0561E7165A41D0F6CCD6A7B7C", "6A3D77C5871370931B8EF09D751C43CB7D88D1F4949B0388D3B5C4A8EB90C83D", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "6B43D849CF02C2C56C98AE74FFEA7666C4B326166515DDC2A9E18E2F7CCF729C", "6BD8E3DAEA6988B5ECFA9DE1BCC8F44BBFD4AC94E0B6BAB1B72FAC68AE3397B2", "6C1FFD4C64A90ADEECC342C463AE4A2D627A083EBFD6A4348B199A8C68A07F9C", "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "6D1260ED9EDDCDB5037EC1727A9F750274D0B23A082563C4B6104D9F7B30E4AE", "6DC2079D1DEF1A8376E6BDAF37134721B3E060FBDCEA886AA8D98E93AC31ADC2", "6DF3814722A33BAC4382EFDB9DF33B5A2FFEA62B91E068C5925CD8FDD7EED52D", "6DFC02A34D3BB730D9CBA6C97A8D3284FFD1FB8F5F3DD7D9B65FE6CA089C2006", "6E3DD8D635F925ADFEC4EE4DA2F5B022F2EA3005D11E90E959C070E6C237363C", "6EE1809EEC7F8E899D29A5D629693347DEF4BE3A98140451F3CFB1F6F3D44734", "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "6F6FF23449572925FB1BCBDF3BC78A4879227959A3FDB4961404A9923DFE33EE", "6F75E784FFBDDEF009D7DFB08543CF829A176D18612C5AEDAE7729D887E98E89", "705280D237DEDB26D3D68396BC2097819ADC8127D93D08AF8CFC027E9A703179", "70D598FB0EC5B16C61F969E93550D01E02981B6F45DF9C62FFECF6A39D205317", "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "71A473993D401FAFDA20A063C958EB3785E06B0F2833BBEB5FA0B1E2E3123139", "71AA5C5E904974496D176E355A4DE8D09CA0D9EDF250F624E674107DAB718E9C", "720D598A4CC65ACB7F9B3A6A5114A03DA324ADED77C46B4A1FA12650E5168C6F", "721E6575EC4195C159F3DFAD38C6122D1576DA30768EE56292CD196BFE358988", "72ECA624F1897E880B20E3BA243FE78C6A66224FD180FE337A72D958F8C9A7F0", "72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740", "7334315670DD2CB11A3544BF6ADDF33C038F5FDC7174D76FDA618631B3F74B69", "7340E3F23C51568EABC2A1B9C16B7F43FF518BC86EC0742E99E2F706100E06F9", "73613052C113EE53CC4E1916471E2FCF495F0A7CAD286D9F9DD528B4EA3EB491", "73A4E74D4C42B6050D535B368ACF1258DE6B4062962BECFDF4315D89AF7480F7", "73AC0A21A1C1C6C3987AD6559B838B31C02E7FC2112C00D32E18ABA3B130AC8F", "73FFF67D19D642018607CFBAF160BDD98E9BD5C2E6261CCDACF5A27C279444B7", "74883CCC877A00E64646F1A01AC3B85889471753497E3ACCE0292F7CF617291F", "749B6A6B6D38F5F07BF39330C93789453228E074FE9CD70890C9F69C2C3B6BBE", "74CEE8219E1D60BC6A66BBFFF067E8FF68222101E533A8C6D0FA63EFC99459E2", "74E497C52EEB8AD45FB3C1BCF26BE85AF9228F556103D174A27BE7A01D9231D1", "750AF6432F6476D75E53148C1320B292C1009046C8733595D70EB7AB5F389E6D", "7545FC6960BC08536BD63AD777890D26CE8FBACF18C55DCC74C636085DAC612B", "7560A74E2926246941C9FBAEBB3EC98EF899CD0E877EBB53F3C2438F3C7CB29A", "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "76ED8A969B89E917406E6428B20653B4CA4683B94EF0C818185ED8F868517B34", "773B648DDD169BE7B3B19B2A3EE2F643C3F7AB2B1C9642B655A39AA249D945DF", "774447A42E7584CA310C1D881A1B9F22575B31868A10B3206AEFDCC52F166509", "777F0F4D068445CD2731DBBEDCB91CDA67C414E34826465D084D57BB6B054DF3", "778A8DA732AEB0BA940EEDCF62963DA570CAEE6B4632E80356BBA4427AACFF08", "779938A97DD75A10751E55A3B6E010476A868FD02B431E3A808A6AA73C5B9B18", "787C1621D06EE465998FEBEFA80BA8B6DAEC2388BAF60D434FCE4B04471920AA", "78B5CDD949B0594AC0F181656CB6536E0B075D4B064576C915C9BFAF10028314", "78EF34E58F8E57376150D3576AF7A765ED8B6853824D3AFA72955F906E85E789", "796495DF48E896CBE5E4039E801B828FC4C44608DD7CA7205D19E7F3388AC51E", "796F2C51B8319B8F5B27C4E255E73CC0426625F1153FF80E70B99CD9664E6699", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "79FF450C16609BDFE97D2B95AEC892EA9C8E34D6245BBEA39F89FD91A816BC7D", "7A5CFDE0E408F56F63908C5AD8E9CC9CDBD463ED34D1264C150C45B349777C80", "7A811732B34C1BAA3F2209EA69EE01FCACF762E53C22EAE8A8FB7A45B4E7164D", "7AD451AFF17F2B4F6EB9CD3090185A0E80620336B204FFA21179DB7F339B9F8F", "7AEFC9814578EA5DC2EFFAE9F289D2307A840D9868EE8B6CED3F1E668F7010FC", "7B815188E16C52B322DD4246EBAB0FC7BA3EDE14D3D566E6B024A1EA3CA43349", "7BB3B13ED998CBA6BA07BEEC944B8CFF6DAC92CCEF1D7F6E64E9E8CF3D77AA15", "7BD03C97D3450FEAE4EB4F8F33140691B9F85B4915C83AFD5212FE881A12ADDA", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7C371350C79C6F7596054D8B19A4BAAD069A8ADE699FB847B44E70E03F3D6988", "7CB5C30B18A19EE98ACC8D66D181A33C3D847CA83CFE7700118C80C3DB0850CE", "7CE7B6121A220F746D7E7350024168EE4728D2E161FBFDE7CB9C7634F35AF8B0", "7D0F824874FF1A4ED25B5D2B00F6FFB88AC646DC56A7F3CB19D04C1B6520F296", "7D14B08C045BFDC910143AB7478EEF037B7EDE9D4C014BE6212BF743A8294BD7", "7D226D01806C1C59E6610F664A15F9D27774FD340AD97273C9BC5E1EA774E83E", "7DB6C62E3DC8D14093067BD5875A863A8CE74E7D3D322F6342A9C74138ECF9B1", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E2F62106B895325A750D4AC20BF018E0EF2AE3D85B9685ADBC3048C8D7487CA", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7EAF5CB207E5D468583094D39BFEB783DDAF939EF5BB4632C3FB6CBE7F70A7E3", "7EC649E6BC5F3D338DD0D070678E70EF4B5FA744C4A6157F839098EC69F3AD14", "7EDEEBC61F6BFC0FE12C8D103ADD7598538E4818C0A635851318C53F2171DC88", "7F939618289427F415F5FAE1B3FB138CE4BB917F17F3C723209877C015BEDE54", "7F9D32D042A33237277DC72EE5E58798328B2C5833F9E7376FDD718B9B7B04E2", "7FFC9D02CF4E41D82C797DF64C1AB3F317232B978DF318282845098228C6A4EE", "802538304F01065B2827B08F583BE8B36F2EB7C11AE879DD4BF44A7339230B9E", "80CBA97D4C339564CDD3571C5AAD9B39B1141264FBCE736F56AFF8266EA88A1B", "80CE5AE28CB63EA9C59DCD3341ADFAF9A6896143362A5AFED51EA3A67C5B5A29", "814968E8DA38BD4EDC807F81466A9CB916F361B3980B9334A6F6CBDE0DD07FFC", "8171031B4AFCAF4AE352A9966FFC68903C36C9CA22972CC21B629B2C8BC490FA", "8215E02FB88590F4B93468E9B3C6A2785DF30F06545A788005F8AA267BB66470", "8231FCB823156A9FFD54E4122B0CB8FACB019DF1BE7C9AC11E08A11C07956B2F", "82D348B7AC274B1F17A78CC906F5DDC3A5C96BD23F4BB13600CC22F46FFF3EFD", "82DCDA96004A5FA5D49A7CFE54A99D1CD5DD4735B6B568B1A2432924A113F1A6", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "8343792166570C1EFFDE17C0CE71E2BFA9FAFD2B634FE6633BDB666B9BB31F52", "835D2A5A40C840ADDECF97F6DAF3BAC7FFF1CC2A6365101771BCDD83EB4E95A7", "839F371B87C6C1B7E2DCD5C3A8BD19F178D93671B15DBD8A4ECC452EA553DF43", "83BEC5BE76DF901F9313DC0E22D9F7B7B815E20E6B6815632BCBD80947228620", "83FA7A19C477B3CD7F62A6093A5E7FBA59DD3F7E01AC5792ED206BB8B735873D", "840E0B75D9A525859E6D257E20A9FBDAABF9390C554A5CEE157B1DD3B19422FA", "8451DCEAC7362310C8EAA923574AFEAD09CA58D139A870AE0ED1E3D11764573B", "84675A12010348000987B3B23199431634511DDFAE93164E5909BC080FB29130", "84A084E8F9C4963B56983A0250FEADD7B92C487E9B12A84B775AD4E5C6D3EBCC", "84E0BEE9973FCBC3D8D232CD96873AA330BDE3D9C599AC490D65C4DB3B787E3B", "8566BD5ED9DDE4A30397E9B8DB1B50B3904BFF15F087A9F1B8F47F9C8E60E4FA", "858AE0814B0606CAAD401114471EC230976E8E9BB8C23DEF159F31D3F5DBB1CE", "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "8600D4FE1C84EFD70C8C1A94E48F4DDFC42B18B82D5F8C7EE6D12E22048B63B3", "86569DC1304F95D744865045A81A6FAA23B9E1424022D3523E5E95B8B420B3BA", "8702C386F98F6C97AD0CF2FAFC26BBD511DB58D3BE7F5F72BE419C2A81A0076D", "872675AF82ACDAC1F7258F099A712A59592C093E05C6D677D20EDEF5FDEFCC7A", "87319000F2B5718CA8299326C25D525A5823E683BAA1D88EDFF67FDA89964C14", "8731F85B75BA77CC3784CD784E98484D53CD189EA60F1F57A3A4EE351FF62B39", "87366B40E9156D7447CB2456B21C8ABF70E610637C7BE9F93FC7DAE990860D03", "8759A08F8DCE05EB5B0136A785BCAFCDBFE613A7D435C0FA20FDB4424A7CAC70", "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "8895614CD28FCD83AB1CE346B560016135ECF081AAE437BDBC538A8B16E75D34", "8976330D24BA16C6597AF93C67C2A46121ECFA13975E064BAC48376E8563DA89", "899EB53FF6D7EF5FCBB2C9D9531FFAF9D68313191F09BD0D43CD9D8F32F900AB", "89DB701FDA8D57E716DB17DC1D2B06DF3EA63347FFD5556F145651826A5D4927", "89DBD775E165C8C80EAAC4824D0125B2291970233028B235C3C22D4EAF3CE227", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8A73AC94075E067E0D2956EB222BBF00ACEC293AF298E2B41F4893F9FB9B6259", "8A7CBA2B71D5656EA1045254861664DE723E7E42111C9EB7B46C28B35C734DA5", "8A87036F5C290A7EB193FCCEE8F258BACCA1FC57CC5D8A56759A27F177621DF5", "8B152CDC9A53DF1C3A7E1D3C9E764839F5ED8E125E207AE55304C80E5625D456", "8B2DED0C68ECC00A46CE2034FAB93BA0EEB7F806C221A4FD33002EBA16C90F98", "8B8C66A4898A077124BBB8B80AF8131F97AB4CE33B457487C6EF966698FD1EC8", "8B8F474EAF8B4CA6EB6778674D0867DB42A06132F3C37EB84839E20E4F45E880", "8BB028E943A30864E5B923644DC6C0D0F02DF3A93C32F3073F32274A1694BF13", "8C189A4A1E730005F1F6728800F9EEB4D76D43743AEC3B91CE47044F6F13EBE4", "8C627560C2A762877E29FE93CE22539B681C95B5EA745BEE68F35C8128768B4E", "8C9587F7869864B7CD3E6A14F5A82A1980553CACD4F24ED3FEEFB284B9586E16", "8D32D1F194329BA56AB2404AB16F06BCF8F5CE6BEC3C715F218ECA7ABBA7D4D9", "8D3643997EE0806897E34CF448BD704E8B4F3BBB0DAF35D7C37249981F0224D1", "8DF4CCE6D3B3BD6718CF128480B98B065BFD992080DFAD9ADB995CF2532B7EDF", "8EB2C9E7DB5013AD05B30490E2989C17EE64FBE9B0024B1E76805B1F1B95B816", "90B187AAB18271430FE3CD85277543D3D711DFD634CA7A0214510FF1F866C460", "922EFBBDA61CEA5F06FEE645F9FC8A4115B16B25207269DCDB61AC82E84A7B13", "923294A0D760CBEA1F881BDE77C3AD9511502CD4C82F443DA7F51400CA7FD1C3", "926064F28B2809B4877A8EA78CF19B1BD358570ECBEF53DC9ABC59798101D756", "92765D81072035449BBC85AE8BA3B1253ED518E7D82BB9301CFF2908A95278FA", "92D11E24F34620A6FE2D4691E3050E4E91C0E161FD1B94C9116E157ADB7BACCC", "937053D178A403D90ADE669A574517EC3D828AFADB2ABAAF335EADA26FB2E061", "93E6CE7CDF725BED97B1AAC0994B1F9EFD356E5E2E4CC74453BD85130A91F506", "9402A23A301ED61C04A3BA04E8F035A34519475984DC44EE96709E1042712C31", "94848C16029BFBFBE812A2B6CFCEE6411F037DEBD2A6C55A94A29047D7DE9759", "94B0133D91DD1AAA87A9EB1F82E658000D52DE57AFAFF6E711787FF54BEEB5D7", "94B0A84F948BEBD11E6ABCE3D118F7FC06257AEC453FAFBCB09EDFB4AF4C95F8", "95A37AC2C7F105661E81CCB7B98B49EAB2848DF53F74121F0FEE7D2AE8FA7EA2", "95C2166E43A3844158C127A63BEE990F476F0FFC80988625C50E6A864E13875C", "9613E878D620A6D0F9489090E5CD7A16E4F4C366D560C6C54BC551EC99C4218D", "963C97708947B650528DD5B2F10F30BE9D3A2416B5003B02BA2A01BDEA29D732", "964EDC6CD9B7F054F4C96F9A72758F0466AA9B78A7A3E8AA96F516DFD1AB1CFD", "966BEAD90E79446B8744128993496F9D64DA8B378811559F1241DD3DB2BF54F2", "969B869C858F640A6283D702296C23A13A8A64586452AB7E6A37D5DA25ABC7B6", "972701C7DC1452FBCF01B7BFE4A7289076C9DC38C28E80665321248205EAAF12", "9765CC2CD4E8CF43C86EE7859F7012EB2A38E6A4A80E55865CD6E4E883D3188A", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "981AEA2811A325CF121DD605BCE212CD99B839C759F94EA338AF2AF04BCB92B2", "9872D764206750F6FD9C7F555D6B4C23926B755B4AE368CDD8485546CDEBC462", "98C2299E82C81E1CC3EFB8629E8262393014376C64F3F09018090397A1EA00AE", "99D8A2242C4257860DF42B10CC4BC15D4A28CE7A35CD078B24AE2BABEA92385D", "99E2A8F47F4108C69540D005070137804DC7E040890DE030D99CAAB2C61648E6", "9ACD7329FC1F831F1AB2B7D915AB63D8F111A7045260F93F9D9FAD2B89A76E99", "9AF459A47C5F674E1EEAC9038F1A38BB0088437F8A8C2399C93B05ECFD317312", "9B0ACFF452374706F764D4FEC5E66F5BE1222C2B9DE832C586470B864A90F392", "9B10C60210681E01A350EFCB5307E300599D0216F275ED6B9791968B6EDCF048", "9B3FAF8E25D910B37ECDE9CDDF654F23BFDC8BF7D845184A2769393D46FD9EC9", "9B42F852F4AF0BA8746EBACEB82E34997A0D5C2467042997734953C2D009D359", "9B62CAF06445F7A9F3CB323F735964F6F62E516F86B9B57472BC20182276D3FA", "9C49B3B910ACAB3C030BC5586AFC34DCFAEE7EC64D7D8447E2AADA6C76053457", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9CF7AFC641D593C078C001F6D73228861A95BD08ECC59A04A92C63E668ABAD78", "9CFE387228EDF2444E256198F05B5F01FFC949159C2A45DBC145447CA2120FC2", "9D4CE3C1ABE40F94B4BE3EE8C4ACB8067AFF379F67374E38DF455E5F62978BC9", "9DCFEAFF697FCF94479FCBE5C14EBBC104B8E6B915283028D66CAE23113C0146", "9E3B1F6158EF5703EF54F7C3064A7EB99BF9523B8A6CCF05475346791179C879", "9E763CC5C06E9D0016FE5BE4BB16307E811F31FE8614F3A6C156C677E04C7DAA", "9F7403E8AEF30FAFBBEDCAA947D855EF987E8FD49503FA56BAF29681570597A0", "9FBC8617200CF2B7AF16E266B4914ADB80990BED0550F197A87E06B5ED476D36", "A000D9D739BF19E450376504F59B738631A89DC3231F08AD20A9C9A368A1B2C4", "A01095B85130C6F3590205F9C223B6445272B68D08E6AB6E74247C45E91CE8A8", "A088E95B8F348168E2F9D59616CC8FEE986938DDF7C70A389A1EB3505D55DCA3", "A09274BA1A31537EA391724E8C52797113E094AE9E4EAA66FB5A50D995921587", "A117FD05762925D936B7D3C2CDFC14E84E601A00B488EED04331F22B9C452C5F", "A4167E89DAF98623836F64826EDC7413C8B06B29A2E76A886419750438EAEA04", "A41DD61CB741B6A4172AD3E7F0BE5B692C5DC2F9AAF2A501BDAED1C866852504", "A44A90E9B04B7C4B380EB943FF6ACFF64C74315668BA56172EFC9734F78EDAF5", "A497A1D974C650B87F954ABAF14686E1BAFCAD11CD42DB8BF1350373B7FB738E", "A49F8E92510CDD96D8127764BC310529CF44A60596DB14352FF329575652A707", "A4FDFC527D8A765D6247DDB806EE98612DA0FE7BCB4E133A742D7FA9A06E39DC", "A524C83841372B2C7BB001C2CDF6FFC10CDB518EB622DE10EDC078C05F18FC87", "A53AB047D484B7CEFC288D2B4D810DAC537F3F75E6129B90A28D4BE9DA746C2D", "A58DA96E56F6C8713021FE70BABF6FE8D1BDE857288DB3839F4DC087C1E95668", "A5EE6903D383C042ADBB5FEF76C2F60C5F1B6BFAAA0ABAB88DC4660244B7AED4", "A61ACFBEA7EB35DC3E0966C9913AF28CB2C5D4D64F62042C595744E098F91566", "A66B40188EEE8A620CD04E78F7589B1845EB53B25BE856E3F288BC4126DEA9A5", "A6938267F339EFB6C26A98CB2E5497B85551E8B8E808EA76F61306999B98826C", "A75CF978305062012B0B6A4CC62CA7EB1F166F128DE714368CFD89193833D8DE", "A7D9F0241BE2D9397AAE8F1DD88653C257DBC2B8DC7B78A8F90BC6A60F559255", "A84A7C9BF929868F8166CB87D5CEFBA3C864431A4299CB147A963BF97FDE753B", "A89F1187EBB4D71E87F412A322E2529123CF9AAAB43003376056C4FAE55E8A3D", "A940972EE8C6FDFEAA789156E684C0D5729686CEDFD51FCF6C875BE8FF25FBF6", "A9CFDC9D4807EDD132C8A5C5CC10D1E0ED146D4064FDA44CF9F4A843B35576CC", "AA65E01A5ADB89712C52EF9ED38433CC0B89DDE0A18D8B93797A201A1B88A405", "AACF6F6443D6B1F43A3B1EB2158C0974A7E3740F82735809A14DB68D406E34ED", "AAE50909D8058934D5CCB989B4CEA17B72CABD2BC4CF08576581EC909FE087A7", "AAF0BEDBC015A01019E62C3F3EABFB77695C303802ABD26EA8E7CF7ADE986442", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AB1990CCF9D6A307BC98A44FDCD73837D64D583DA165615A5EAB1AC9A7D0F3F2", "AB73DF1DED880AA827EA4E5E91B8DBA3690CE7E70C1A60103A9F51A1BFEFA864", "AB7C7549C766E512A04307E28B24810554C55468A51111EA59F757952A32143E", "ABF8825C48969D423E885B7CCB57BDB86E27F87DD082837A7884ABA77320FDB1", "AD38C68A33876D18A0E209E76DAFFA93CF8EFC1C5A82EC9AE2AB672BCFBEE893", "AD5AEF2A5C571C6008D3EFAB58A32CF97C5454F4FD7A2DF5AEB0C657936F1BE2", "ADF65B4A474E1421F71559C3F519C310FC36B59F7BDDCDE5839099E428CDBDB6", "AEC322D7B231A41EB50B885093083A12F434B90088B8332217FF86B6AE09FCAB", "AED94AF4E315E8E7BDF06C8D34600CE00152FB92595F55C751AE44CD3C6AAFFA", "AF0238154AA1358490B320F50C9820D8CA6D89CDB7190FCD9E4A0779A6DDCA6E", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "AF42BD53008E43A8F60AC336AAB63B4B1D9D0A7242D5CAF18118E642576D4117", "AF496E8C72489250D3F499580E263AE349F5F9559FF071587B820E41A492E9F0", "B008610A37C6D22744FBFF511A07C43195D3F707766A5E89AB1E4CFCD0DE65C5", "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "B065D5FBEE0500048771DD5D4E96DB98DECBC1A60732689D056C62E95ACFD6A1", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B0AAC7449E65CF150357BBDBC9E1E599F67978148C750B2FCBAB2FAEDE3E2E45", "B0AEB074FFA0854656EFE3CAF612805ED0F2B662B12263D2B3084481427FAB2B", "B180B820F6F3D6EDAC7172E78991F02AFB09886A95FE4CB55E9318F8D116CF4C", "B1DB72C0367C124FCB0F38FE4461054D946F67EFA306FEAECDAE4FD6E06D95E6", "B22C029F5DE1AFDA33C7E45788FCA8B344362343E55B19D3803A4CCFD8492525", "B26BA31F7C8E180B2476A6D17348E9C8899E4E6C0D69D13EE7B0DE3A1B8FD9D5", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B314C20BF91C600149F279A906C6EBEE84E73ADFE2036985C9D6023680EB2CA8", "B34A726A1AFF5A68AE72A224974D9923E1366B92AF2487CD076BA0E00E7E7A02", "B36E9A87D26819F1000CEFC942D54F874FD41DD569BBFF95F4C0A213C8333D83", "B3921AD53237CD309893EF9A4039A94178B245A6C3604A14153D2DAE483A41EC", "B405B568B68AFEA07B8166064FAA890F3BF9F3CC511F9A01DE32970B8A066315", "B4997BBD202D81055BD057D6162B0197578FF3830B26E9887179AA51B953191B", "B4C324A6FD8EF22AF23E006EF9A141FD3EBA5B12341EF67665F1428E1D1AA71F", "B577D1FC3D629F41024BCF0BE7C105068728300737337BFA3CE48C11EB6A3991", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "B5BA7A019881D4357D8DF943ED0F2EBF5D00B203B4AF8DE699E3A190780BD598", "B61307CAECBB5590BF8837472BAB9C85B9153B31B334257C484DD1ADD641B9ED", "B7B3FA2AFAFB2AC1DA355B883C70BC406537B6576B61CB09CFDE0F25E0AC2E81", "B7B6DBD5DE149088B4507A47E8A9905415DB4C89E037F2AE6689CE50D6386B86", "B7FF1129A02D2738AED73A8C157F3D6D872B530527C875906B3678301D70ECBB", "B80E857F01B07BE9A7EE60BFD8FF52F82A16A63194D34BC2560D982812DC6722", "B84C78D03D986BF322F4DAA6A582BF37937165F4BFD024C3BA31CB8D635DDAEA", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "B92350DAAF295761666E616275C53B448D53547B60DB7478FE3FCCE518028947", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "B9AA00FC015715A7F77E8A6F3F5A720935FC98D8627A97262B8AA8F8417F3717", "BA0ECBE0DF73AF77D0BC9564AEB2B59377917457D1B75D09F5309EFDB91ECED2", "BA3DDD51DFB033E18FF49D92126084AE511DAC47EEB0E94DF2D74FF080666A8A", "BAC0ECD094048AB5764245E3813A4B3FD7B15C38CF78917E44082B74A378C2E8", "BB51B1CD5A42161B2D7937DBBCDFB1234DFC6114023656683DA2AFDAAC6A2542", "BB7F77CD9AD35B7EE730FF331031F1B862553B69BC5A147FDE9AB8E45486503E", "BBAF4A8874B4E6550EACD53B3B3956D87F91956BE43B6AC0570EF1AE5320225C", "BC4EAF61DE018F3DB7A7F596B8F8073F339BFA9444A0A1C43D76571F6F0EDA47", "BC7F561FAB80D5D0A48021AB45201595C02030C9CECEBEB548DFB50B6376384A", "BCB08F65FA14C39FC0F63A4FB245CBBA50B1FB4D616800144D405A6DA25EB62A", "BD03EE478D44A7C4C899090C9FF328560060F0170A87F64F2E81D7DD96BC3A37", "BD5A8592894DFC559659FD42A38827EC577BA530F0B58F5F9014E3109AD96B82", "BDDBE42B21DF45097105022FFBB1D313AFDC210A48C4D8EBAD230F44D2E8CBE1", "BE5D938F4770D0AA90226E100E61C45C5FF16095FD13548582099E2D2BD7CA8C", "BE87D18966385196530BB6A07EE9BF3065B662716A4AB5C263377658C0F01C51", "BF213EBF65AF92778246EF4D81BE5B1C231E52C3E877DD795B29DD878DDC4E68", "BFE9D544106C1541B7344450CDC8AF62BBFF45143A15E7B97523F39086B55E9A", "BFFC97D9B867396253756A09ED28B13F581A2B14A0637B4684951D9BD6071488", "C0E0D2198BF99C1965DFAEC1C11F4784E7D189F41F262015ECEE9E5333D57537", "C0FDB3F4B7A171D3937E45DFD9D337DEA2512F2ECDE945CC40691DDEB5689DA3", "C11C390B971E777914D85592C69C15B80ABB389FD00D2D905C82AF5F4B729A91", "C138C333E90DCA6AA63BD629BDB1BDDA88BA738775F97FDCB002A66BEFF89FDD", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C1DB9DF00AB208BADC001393BCFE99FE4AD1B2C7C68488061EC684A276D26990", "C1DE62607E696F3135AA44A9ED964385998509307175EDF6F47BDAEC9E4F6C06", "C20D55D97C39F8E03FEB56342C1371803FCCB056AF0AC5538E026EF36C395510", "C24D4FCC97FD95E90382A4216040099F16203ABF61AF30281EF1C2E136253A42", "C270008C47088F4AB45570D101436BB116E08F304CC36AF51E0823C68AFCAAE8", "C288772B66D1EE7D2548AB9893315A88EF37DAAA5903A74756970E199AE4A91C", "C2CFA1DEAD18B4FC9084975943B8A115F5E71494D750B9381BE8C69C13EDB700", "C2DE286AAC09188FB56431A32870396BEB60EB9B39C5F589373BA4BCF647D602", "C31D150033FD48D09A309BBEFA4383E996752BB2E541CB9E4A69082ABF2CFD19", "C33C75D536D0395D907267D197964636B4CA8C5DFB52755A5682CF70BF8C7FB6", "C3FB79ADA39B46791DCF93E4A2B6E50FE2792D0E382EF08036106CE4972770C2", "C4A25CF6BA3F6E71753F4E3FF5296DCAEA56B938BAE00EF5CB5BBAB12BD4FE3F", "C4FDA20D2B40995B6107B668E5B27AEAD5EA51C42F7A035DC4761653D1B94A39", "C60312DD4456859B78E832888299E71CCC39B8E89A87B06FA2CC4E4C62CD4C67", "C6222D8B5C5089ED0DA3DCBECFD071DAB2872D5C2C2038747C9C671477028135", "C62E2592B0FCAE9D52C20B9C7B33E6431777A77035FEB591505DA1F783B680C2", "C647AAD0793912354F54C4B8043E2D01E399C4D5A45845600A6C92FFFFA7A81B", "C6A2AFF0EF2B8E8391E208A26CC244DDAA37A79AE231F45EB2CC27F7B2D07758", "C6D76168198B9EF24D77F1D04BA06E30D33B0C7D71C8457114E69E1A43BB68AD", "C7752951E8085C186BF5D89E852FCD41F36C211BD9364B8CA87F6E4FF8AFF924", "C7AD01ED8396F848695B894C5031106AF62D73B726EC65BEE5BFFADBBB267B14", "C7AE65EB0D706F20B5B2D3D4E72252697ECA6AA7917A58A2DD40B4293B199DC0", "C83F675C530B12620988F0C65F58B32931125E0012C4B7C771823623ECB73255", "C847EA33C7950732EFA671EB689209F5059DA3AD7C15C24FAFBCFD0BAAFEC481", "C88ADBEA4F8A61ADBDF1DA25D72729E9902E90CA69E6C31DB456881DF5A6C601", "C9594147E388237928595F1CF759F8EC355015BE6AC29A030A2FA3207D9B6DE4", "C976F3FB2440651533AB7414A4F76FC3C66CAF49895BE704575E993E6B5F6D48", "C99D1694993A63B13B3DCDE59C9A05AD82DBBD904140AE1DFD691BB96CB5D0D2", "C9A06C4BC1ACE55A17C7DD2D9DD98AA6FDEE59C9586CAFC2375754D88139C6F2", "C9A098A495C84449FE37F5185D9511BAF41B34B7A322B48105FF2EE7EC21E28E", "C9A0F83DA43F98BB8749F1E06867002E1C69DB325BE1EE6ED8D3F245105C2D03", "CA6E3637DF88242A594D4031F99B9B52B31D310319B28927BA65F4CEA6A82F4D", "CAC8ED34222D34B14BFA3287FD19465EB8AFCF00CE3336A526593AC6DCD0075C", "CAFD515F067C0ADB25648289EE581F0602867E759926D5D9A4F349BAFFDF5676", "CB1B87BF4874E8E4FDFF0C5D0245F1B8EA7AF72E1648F87D112407D83AC6BFA1", "CB24DC19BF83B822003CABDD77CA54AAE9629C8F8261C7B16048FFD862AA120B", "CB2F2FB1A01CACB87D1CC3E387A764FC971F598C809C6359C82E48AEE7425658", "CBAD9A5D72D7476363185541BD693344F4EEB28C6708F8A48B2849B3FD618351", "CBAE0492C38AA01FC003E13DF32DD0C20AADD9BC2874AEBB77AEE27AB42027B1", "CC1827A64689B74570896388F9C886597BB1BF215F1D08F69BBBFD770F5275A3", "CC1A30E8E2330D238749CFFBD49D7E9838BBE1BEFE625CE5C43D437242EE4573", "CC714D6CB93526CA67C3B1AF953783F7648CF4A4936616886992C0290C5D5B18", "CCACF79B71B719DCED3056EA93C9CF9EF0251309B57479F56594DD483F2026B4", "CD1271F65919F0A27ABAC5D2FB90AF847030089BEFBA36FA40622E14F85284D4", "CD85593A91490D356153237E93D8272C35184E2BC68DD848E9A02EDD3BDE6E67", "CE5A2E40695AFADA32C2CA19691CD89CA1B35A315127B0F32CF305DAACB2ED23", "CEA8562241BE5A645E85774FF42FC74D03D022DC3900B1FAA02C44BE43266A35", "CEB12B4664C1D9045CE6A2D526284519816A08ABA9E1E6F54060B27C0BB3429D", "CEB27E785E600294CBB232BE2A4F87611DCB20D91D768C5E4A4B5C3B0D8D1D3A", "CF400205D925246630C27401AAFE4A535D4623838A972C087F26D86B886E2F0B", "CF531CAC76DDBE4456F0820A7939858EA06E071B4052A5CE0992D88CE2442928", "CF8080897BA997E374072C563D7B6C6088F56DDA07F407BD98DF25411FE5E09C", "CF99691D618EB1EA9A8A075EF91665712165EA871FA9FCC7A423963F869D124A", "D0423281F181B1E92869B5BC9FF74F864D924BA505452A3822D73132BA4D21DA", "D05CCE78047F8DFA45B21DFE0E7EB2FF33240CC3C29D657E0AFDDBDB1AD579FB", "D06CD755DD4308E07BA22E8E6BEB92F9E30EE716DE6494CE9CFFE8486337E1E3", "D0B716391F80030BF988E290540B0ACE770BD27D3F36F2C823E1D371D32CEC50", "D1A3FD807BA4E7652F41DAF275B25C0E45AED49DE0DD3C98F3C83D50CD580F2F", "D209AAB4C0E35A5C114E62A6D853762DB0AA9080D963F0EECA922C5D3ED15307", "D23F03AB9983DD209184C6341CA20DBB1C7F8DA766136DEC3057D49A2330767D", "D25B9445FC278E9407AC074178FCC8A8B13B7AC4E61B4181E2C34AE764EF75D1", "D25E542BA06847406F0771CE578D65B5B33DC2B6075998991AD1E4B5FFA08DF6", "D2A8B7FD0D3A20180EBF8484490243C0DC038E552B987004A03D622D69BBA611", "D2DA907CE61C2922B06B26A8703271C7160B8BC26FC2454A769A36370BDF8D45", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D3418B2E96E89CF57CA80D7EF71EB4B4A624C51867F542D04AC6C83CF95EA96D", "D3570BE110B3783A332CB217427414271B851FB390E6F1A5E4F69FBA81F8C175", "D3F2B69F6CA64D919AA9D68D5F3A3B4FF3FDD6E6FE626B4BDC20A3144536C410", "D40F4EBCFB3B9B87FEAF81679D29B29159EB7F73B00C10EA2566C6CA1BAE5EDF", "D453C632FF9EC3087898B06E3DFD86A6FE0EFBF4D9E74F1A54E4DB3CBADA0D49", "D4C14A34EC1B00D3147200FDC14C4DDC167ED501429795B352A596233DEA1967", "D4D42F15E592E98F112EFA53B5158D86EA79E4A7294251AB7991615DF7CA6494", "D5D68C274689503F08DAB338007FECB9B03D6956ECF160CECB37263C1DB02BAC", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D7007531075E41C1737535FBA94EACB87DF83DC9DEB1EC87D8FA448D6205D4F3", "D70C0CFD2132EBB5AAF3CF53E301E73B5E5845FB7B0FC143B5DBE6CBAF3A884B", "D711E8839F9CEAF79F79AAE8CD01BDCDBF7DCD4C0649106ABCD18E8CADF832B2", "D7FB374F1F666971D930971853DEE94DD556289B773317F7E0FC7C6FC4B491DF", "D833E20E555B781CCC2E63B4F1D72EF91246AA6A740DF25F5ACB992A26997A68", "D87699740B30BB25DEC2F8B16CA15FBC5C6247D272AD4BA218F8A206B588A8C2", "D8B250863238C046A54C09A85C8009F596E399D1BC415C09F32178FDB4C792F4", "D97523F351811F117C3809A675614FA0AA4991E5EDCB8B79553402FA3DF8666B", "D9B33FAA9F87D18625F5A08EF5634D73168FBB4A49FD551EFF5B173DEC473E84", "D9F3546932BD432766323A6E9A562D656E3EAC77AAB6EE3AAADFF6008E59BC30", "DAA1AB493771F23C03A5CF68B32054DD0BF2FFAABB82BF77077C01F8D84DFBED", "DB1D092F7A9003CE3422469DC672EF5AA2F47316275AF699D295717C3F15DF23", "DB866DC8DC23646847AE5E9E25C02B2DF2A195A414B2734DCAA102E637957BAF", "DBC08F11E8C546F68BF3DB9830663489611F4366FD7EB52BF39808F516F3BEA2", "DBD29332B6E297F25422EB8C28791AE3DD704B7B9FDB714ACE7016CEEC63D122", "DBE2C597A340BB7900131FBD56B9725ABD555479F4A26F00BC0341CBA4E926B2", "DC57438D564B92B5261B541A39F338A5C9FAE604E371F12C2D4293F9D72214B8", "DCB853353DA5AE8472FF1C9154EAF43C8CB8E459D966C1AF23119C800B2D4085", "DD276150642C7A4919049E6AEBEA80520991077A02AE872E9765C43C235BE583", "DD38275FC7A6C7310933EE72F39FB765D116781C288A9701506DA04B64DC99E3", "DD603376FFA47617C5E01EED76B19ACD3F19C889C704DD757CD908D1F8527392", "DD6B46FA2DDAAE6080D5C927EEA372B16800D8CB903BB5366DA05ECEEBE80546", "DD6D1ADB4E0823703EC8B875E430BC4DA6EC03FE4D9BEBF09A0A0BA75C5488A1", "DDAC6B14B8934B2E6C225A197BD36CA0AC38FD8684F572F5702537FFE8240DAB", "DDAE44367545E909F1C5E82BA6B48DEA1D51F717CEAE6CED7805AFEA883D85F1", "DDBD4BDAEE1412B8C8199BA8BCDE15F2A42D1C2982D2BFF3B062BFCD642CDD23", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DEC8B1857975B965D873A8BB6F56B19058C4EFA0C242EB808E499279F11EE7B2", "DF7E743258EECE8D977DB6645A6CF8DFDE1F2111B2363A0A163830CA509AD664", "DF89B2395C4DB15E1FF631A136BB1301E179B1A5D4A2BF72B8D0EF9E4A730437", "E0447BD0950B58D8A54841089C4AD74556C4CF67BD1C5C5CEBC918E3088B2FA5", "E083AEF7E32576EE35EBC792C463859DEE8AF7CE4CA6E690788B1FFF379F7957", "E08ECA9D338354D63D75E5F0CEFE7A9EAB8C4F5A20A29A033BF48E7765D9BAFF", "E09B37247D5BC4E868BA5B9FFFAC5DEC5D27F09FEE3DEFE0FDF7580995E1A840", "E0C9BAECEFA76A39F668375CCE1FEF586F0BFB09CFFC885A638463548385207C", "E1AE7C0A22A69BD8715169108247C105632920F2D3FF1536C2927E5CE60B98F2", "E1C25EDBD5D1F3C1DFA8BCAFA8B8963C347E1B9A63ADCFDFCD905869C3B39E93", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E35B3BFF26EE49538A5E52DCE95E046C70D680FA622448F3D6FE654C3E6D6A09", "E3BD856982B27C3FE93EC13A76D5806B5BB18B95DD328F70706B73BE68D790ED", "E410710A81FC685FE45ADC2C5389D76BEA00C26109AA8757AC86027F3C12F1A8", "E43F9823C0D77D4C2FB25C8FE46F924BF9F48ADE6C0D05A36F9B2E202630F8A2", "E47CC3D807E088442F7028350C85D08162FCCBC6A1643D768407619ABA4B9399", "E503DEB61BB4A13FF7955EBAC438276557BFDFCC33EB33C034096CB3EFEFB35F", "E5CCFEB8FF61741D5445DECFC644AF15349B27D60E9FAC68BB92BC49C83938F2", "E6153C35BD44471C95F1EFEED9B29C46E12A43C017CCADB1D87BD84154E4A620", "E61A4CE8E97A4A1CE60ACE22E091D7CD4A74C3373C60F6C37FCB9C0EFB0E10EC", "E6339192F4D5A34C5450757F6F89CD12C85BA22B7375FD57D5B1C48F67C117CC", "E67441CCF9840E74E9AC61C45895075B9F65BB9C0A44EFD9BE418AA4A069F2CD", "E6941D2C78AB15CBFDEE44862F78BC64B8666D55E6564FAFE4207AE63A7F1350", "E724E59674A5FAAA2E20B6D20583DEBF17E0AF4DDA7B45308A373ED95976AE19", "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "E7C680A93C62F0B55F2401C00071445427D43012DF7D06E7DC5A5AB3EC669708", "E8A312ECF86D6A1C6D9722B8D51FDE987A400AF0C6568E0E843C6327878D3511", "E8A9D3E9EB263B8252AC392A110C5699C152EBE388EA85E79DC45D6A3DA9A738", "E8CC192D6E15BEBE986983A316004294627ED7683B92C8AA39E3B1075CDDF8ED", "E8D1954E7F4E50A7F1CC861CDAF69D1A363FA2EE425AF143C971F230E8015C10", "E919E9A36C657D0228D3DA8A63FA716B3583174E73FC9F478D6A0F12BD9E2448", "E94DE2A00A2C1D8282756AE6867DE9CFD231A5D1A7411CA8146CFF2E3FD9CE7D", "E9A3E2EA3AE2ADD4620D37196036A6030F0C51283082B6F6903A10C2A73E5C49", "E9B780D055080864EB3A1A2DBD34CE1F44CB522B4C3916540A535B3B9DC19BC6", "EA4BC9A6E1BC28B39AE0C360DA599139777EC05EDFDC5120E91AC3051300D3E7", "EB20B672B0F8880C0E9D8D5292F68305326883CCEA193494DABCBD14BB06A184", "EB29912BA3125220228A3E0ECE64F9A835E8E7C353B5EDF3F1E3E9C50AA8FC18", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EB67E51171F7C34A22B244E03166CB1F7D74162E476DCFA216B46A44310996E5", "EC3E23A99CFAAD88B2FA49B712651D754EE84446F6DFEB6CC3571A65A744E234", "EC4680A726FB50E4B12980B4ADD271AC01D733FEC93E24F9E55438A2237587BA", "EC7DD37D5F4B9A5D139BAD89ACB67C9048FD7B2CAF35F5F63861CE6E55EADBAB", "ECEDCC21226E7AABE0C2F6E4A0B1F49C6E563703F477B53AC27B9E48E4049266", "ECF06138F829B325BA5C57FAF5FB916F90E229CE209E8C4E69FC4ABB87903647", "ED1637B2624D26362BDB52FFE4446CD922E21738E4C506EA23FFF9A92362A011", "EDB34CD93CDAF5921CF795AC72A6405C79962D06DE79535AF74133F2884DA4EB", "EDF4B5A27866764F46339E29215E0B00F97C916965ECE1597B9CD93AA0C2F432", "EE10C38D24F0D49C2129BA7090605392BB0D751675F9906BC012259726EDCF59", "EE13AC8357DD960F4675FB52EA635CB1F98308493448718725A86592C6B9B86C", "EE7CE47E45F000B20D959427D19E89321C1C0E7DA85CD2ADF5A37945584874DC", "EED70DAEC5A3F44677119009339AC1CBA0D09F4A1FB885C248E75518AAE762AC", "EF1E86E8C1821B2FE6F241A7F8B0060DAE69EB57B79276256A296E2116C4F120", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "EF37F55BDAA7C23938ACD87E25A2EC35E294C9E979A0AA4A909DA2B9AD9237A4", "EF5A55D8CCABA9019F6306256CB26946DC810DE7EBB1EA5F4D90251B35752411", "EF8F0A9CABE55A98975A5E586449578AFBE0581CC3BBC4848706891FDC02ED1D", "EF9B6C270DCF82283BF13AFE4BD6A359C1D124B7D4895440A36E199964CDEF36", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F02D72DEE5DE583089D60AF63C6CC0F95B683C27779E590310FE393171FB9761", "F03761789311F13FC8DCBFA36CB247D8981ECE416EF278DBED25A379784F29BA", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F09AD94B48DEE6804F3C9AEE48EB9BA274CE6A40FCE684B18CF3D4B1944D4CCE", "F0ABD172DAB727B9E1A590E26426CC6FC3FB7572FBBAACB844B6C8AA844A1A2D", "F22F8C611651BB5F2E58AC10F1F1DBEBF4869D3A824C40D9FE14FEE332E57295", "F2A538AF2ED1CAABCF5F0891DB02363ECADA659FE7F2989D3CCD7668E4585622", "F3758093EA44146C6BB9180D4A89ECCFA58C42ADF8707A861E087BF54975924C", "F4A34005E745D62ED5BBDB831E5D767C24B118051EFDE3423ADF017A2626FD14", "F4C8146FB10A44EAB37C806FB96F9E421080AE5CCA233C45EB9849A6ECADB0A2", "F4E7E3BE19F29D23C9E8BDC15EEAE7B010BF3E4C06C22A6AC29599A6977CB542", "F549A2FEAC9B8235BEDEAB1D1110EF3A8710606A890D4EE5C62A7F21A7169A12", "F5BAF336C0FFA1A9715652B899383A9C6D730D8ADE9E07CAD68C90971C7F8249", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "F5D69384E79508ECF3D6B7C440049FE6823228F992C7519603AA316546A8DE60", "F631FBF3345C07F81D82B960695E1646F617E669785B8F63DB760D886F1B2C12", "F6AFA8ACEF585CD43E06DE7164EBB8240A1255197762E88CB2BA50823C840FA9", "F7297DEE78789012F7802C00A7D437B06424929237D39542808A1D9905687922", "F862AA8C70B0343452BE1F88AAFBC22FF6D70527EFA74872A5EBBA9DE943691D", "F8A3D4A9CDB2E69EDABA736EFD7D24F77520D958AFA106D11E5EF76D4D31E151", "F90FD904FE2AD66DEF4FDDFD5D99DDE1F5E9A79893EE2F3ADB1619E2F648B6FC", "F988C4692D2E552B4E225648097C2785A4DF9A107750563427C783A0CDEE0C5B", "F98C6B1EAC8D235F19136FBD257D2C504AAE6912C5BCB9B73AE39565E359364A", "F9A935F07F0C2592550406829A333AA17FFA9DE5B312BF55A008E03FEAC4C43E", "F9C3BC218F02B41A1EE998B0C9BACBCBA2A26044AA17D86E90806B1B4853903B", "F9CD4ED7EAE495E6A1286F1C515E4B4F59C16F49BE7B4FA7E188219A3727D224", "FA37EFD6BCDF8414B1B01DD06C96E0D1E771E69F214D77948CB831C765C409D8", "FA692256B3CD78E7B88728BCFE3B27BB61702E77EA0A13845E3D79E8651F3E1B", "FA90064F3FABCD5CD6E50C627B3EEFFD46086A8E2B7D5B55053A4E47043DC8A7", "FAA2B691DD1E76E786CADE53CD8A2391FDC6BE6F5B14624181F6008CE76C4E36", "FB0E745575ABD33F44D9E76B74AC2CFBE84B2A1963AEE86E3AB5E79959011318", "FB3709EBFC8A5FAB2E4236B7D00B54901E29184F499A4CDC2801BEC9E4905342", "FB725790185B6C1D6E94DE5593F9324A99EFC707F2DA722AC7D3588D3D90484E", "FBF8D5380A8667F5D239F868F077DAD8E14459BF18DCA6E0C2C65E35815C9F4A", "FC11BDFA06F8AE2CCC0E004BB77D2A5377449EC01FA48D28B2951E08F4BE20A7", "FC2A12A3D5CDFFAEF50A77215E69039CD0E678811823B3B21F6B390DAB68C2C0", "FC4C804F44282D78247FA90BC4C8C855819430A02725094AC97DBD89D0227589", "FC6C4426C76B592E968FD3C9EA26406E90FB3C95C30F68EC9CCD547D24485997", "FE0CD9D782041746DBFBA9DFD5A169C98E21DF40D5DB566AD15D9898EFE9D6E4", "FE36F70B633D6B89B87EB57DF379F72D3D3FFDEBF84731993C6092A6C7F6143D", "FE3BD282967A6B7E515961E80162D820AFB7A6484790830E840CF40337EF3235", "FE67874D43BC98A053A0BF58006D9985B49884BE885879B16D23006930E8AE3F", "FE7B997F67C37DFC6E3439F0BA52314A66B42B21A8011BE962695F0F97CCBF03", "FFF1402575E7BE1F32E231DF470BEDA94544D3C346FFE024F98E6A628264A23E"]}, {"type": "ics", "idList": ["ICSA-14-198-03G", "ICSA-15-064-01A", "ICSA-15-356-01", "ICSA-16-103-03", "ICSA-17-094-04", "ICSA-21-054-03", "ICSA-21-075-02", "ICSA-21-103-11", "ICSA-21-159-11", "ICSA-22-160-01", "ICSMA-18-058-02", "ICSMA-20-184-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00039", "INTEL:INTEL-SA-00067"]}, {"type": "intothesymmetry", "idList": ["INTOTHESYMMETRY:458BCB1DFE42EF07F0FBAFB7EF82F028", "INTOTHESYMMETRY:E734ED1EBF3CAA516E338187A38075D9", "INTOTHESYMMETRY:E90923CAE21ADFC423A96B462BCBC0DF"]}, {"type": "jvn", "idList": ["JVN:03188560", "JVN:61247051", "JVN:65044642"]}, {"type": "kaspersky", "idList": ["KLA10266", "KLA10359", "KLA10382", "KLA10447", "KLA10452", "KLA10460", "KLA10548", "KLA10551", "KLA10553", "KLA10570", "KLA10618", "KLA10629", "KLA10630", "KLA10640", "KLA10689", "KLA10732", "KLA10743", "KLA10744", "KLA10748", "KLA10794", "KLA10798", "KLA10847", "KLA10848", "KLA10849"]}, {"type": "kitploit", "idList": ["KITPLOIT:5420210148456420402", "KITPLOIT:6372579284509577146", "KITPLOIT:7553690576096019209", "KITPLOIT:8024306166267359540"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-NOSID", "LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500043-NOSID", "LENOVO:PS500048-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2013-0186", "MGASA-2013-0337", "MGASA-2014-0255", "MGASA-2014-0416", "MGASA-2014-0489", "MGASA-2014-0490", "MGASA-2014-0507", "MGASA-2015-0022", "MGASA-2015-0037", "MGASA-2015-0099", "MGASA-2015-0246", "MGASA-2015-0260", "MGASA-2015-0263", "MGASA-2015-0268", "MGASA-2015-0274", "MGASA-2015-0277", "MGASA-2015-0280", "MGASA-2015-0281", "MGASA-2015-0295", "MGASA-2015-0296", "MGASA-2015-0413", "MGASA-2015-0427", "MGASA-2015-0450", "MGASA-2015-0466", "MGASA-2016-0012", "MGASA-2016-0015", "MGASA-2016-0039", "MGASA-2016-0048", "MGASA-2016-0056", "MGASA-2016-0093", "MGASA-2016-0098", "MGASA-2016-0148", "MGASA-2016-0169", "MGASA-2016-0174", "MGASA-2016-0219", "MGASA-2016-0225", "MGASA-2016-0232", "MGASA-2016-0233", "MGASA-2016-0244", "MGASA-2016-0259", "MGASA-2016-0265", "MGASA-2016-0273", "MGASA-2017-0333", "MGASA-2017-0453"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-GATHER-SSLLABS_SCAN-", "MSF:AUXILIARY-SCANNER-HTTP-WORDPRESS_GHOST_SCANNER-", "MSF:AUXILIARY-SCANNER-SSL-OPENSSL_CCS-", "MSF:EXPLOIT-LINUX-SMTP-EXIM_GETHOSTBYNAME_BOF-"]}, {"type": "mozilla", "idList": ["MFSA2013-103", "MFSA2015-133", "MFSA2015-150", "MFSA2015-70", "MFSA2015-71", "MFSA2016-07", "MFSA2016-15"]}, {"type": "mscve", "idList": ["MS:ADV160006"]}, {"type": "myhack58", "idList": ["MYHACK58:62201672113", "MYHACK58:62201891264"]}, {"type": "n0where", "idList": ["N0WHERE:172575"]}, {"type": "nessus", "idList": ["700510.PRM", "700518.PRM", "700649.PRM", "700650.PRM", "700651.PRM", "700654.PRM", "7168.PASL", "7169.PASL", "7282.PASL", "801619.PRM", "801936.PRM", "801962.PRM", "801963.PRM", "802013.PRM", "802019.PRM", "802028.PRM", "8253.PRM", "8386.PRM", "8394.PRM", "8552.PRM", "8562.PRM", "8617.PRM", "8677.PRM", "8684.PASL", "8790.PRM", "8791.PRM", "8801.PRM", "8830.PASL", "8855.PRM", "8879.PRM", "8970.PRM", "8977.PRM", "8981.PRM", "8982.PRM", "9018.PRM", "9075.PRM", "9076.PRM", "9081.PRM", "9127.PRM", "9128.PRM", "9151.PRM", "9197.PRM", "9198.PRM", "9238.PRM", "9252.PRM", "9254.PRM", "9259.PRM", "9309.PRM", "9324.PRM", "9327.PRM", "9389.PRM", "9390.PRM", "9449.PRM", "9463.PRM", "9464.PRM", "9465.PRM", "9482.PRM", "9483.PRM", "9608.PRM", "9700.PRM", "9713.PRM", "9716.PRM", "9736.PRM", "9775.PRM", "AIX_BIND_NETTCP_ADVISORY2.NASL", "AIX_IV69768.NASL", "AIX_IV73316.NASL", "AIX_IV73319.NASL", "AIX_IV73324.NASL", "AIX_IV73416.NASL", "AIX_IV73417.NASL", "AIX_IV73418.NASL", "AIX_IV73419.NASL", "AIX_IV73973.NASL", "AIX_IV73974.NASL", "AIX_IV73975.NASL", "AIX_IV73976.NASL", "AIX_IV75643.NASL", "AIX_IV75644.NASL", "AIX_IV75645.NASL", "AIX_IV75646.NASL", "AIX_IV75967.NASL", "AIX_IV78624.NASL", "AIX_IV78625.NASL", "AIX_IV79070.NASL", "AIX_IV79071.NASL", "AIX_IV79072.NASL", "AIX_IV82327.NASL", "AIX_IV82328.NASL", "AIX_IV82330.NASL", "AIX_IV82331.NASL", "AIX_IV82412.NASL", "AIX_IV83984.NASL", "AIX_IV83993.NASL", "AIX_IV83994.NASL", "AIX_IV83995.NASL", "AIX_IV84269.NASL", "AIX_IV86116.NASL", "AIX_IV86117.NASL", "AIX_IV86118.NASL", "AIX_IV86119.NASL", "AIX_IV86120.NASL", "AIX_IV86132.NASL", "AIX_IV87419.NASL", "AIX_IV87420.NASL", "AIX_IV87614.NASL", "AIX_IV87615.NASL", "AIX_IV87939.NASL", "AIX_IV88957.NASL", "AIX_IV88959.NASL", "AIX_IV88960.NASL", "AIX_JAVA_APR2015_ADVISORY.NASL", "AIX_JAVA_APRIL2015_ADVISORY.NASL", "AIX_JAVA_FEB2015_ADVISORY.NASL", "AIX_JAVA_JAN2016_ADVISORY.NASL", "AIX_JAVA_JULY2015_ADVISORY.NASL", "AIX_JAVA_JULY2016_ADVISORY.NASL", "AIX_JAVA_OCT2014_ADVISORY.NASL", "AIX_NTP_ADVISORY5.NASL", "AIX_NTP_V3_ADVISORY6.NASL", "AIX_NTP_V3_ADVISORY7.NASL", "AIX_NTP_V4_ADVISORY5.NASL", "AIX_NTP_V4_ADVISORY6.NASL", "AIX_NTP_V4_ADVISORY7.NASL", "AIX_OPENSSL_ADVISORY11.NASL", "AIX_OPENSSL_ADVISORY12.NASL", "AIX_OPENSSL_ADVISORY14.NASL", "AIX_OPENSSL_ADVISORY15.NASL", "AIX_OPENSSL_ADVISORY16.NASL", "AIX_OPENSSL_ADVISORY17.NASL", "AIX_OPENSSL_ADVISORY18.NASL", "AIX_OPENSSL_ADVISORY20.NASL", "AIX_OPENSSL_ADVISORY9.NASL", "AIX_U863668.NASL", "AIX_U867669.NASL", "AL2_ALAS-2018-1004.NASL", "AL2_ALAS-2018-1009.NASL", "ALA_ALAS-2014-349.NASL", "ALA_ALAS-2014-350.NASL", "ALA_ALAS-2014-351.NASL", "ALA_ALAS-2014-405.NASL", "ALA_ALAS-2014-426.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2014-452.NASL", "ALA_ALAS-2015-469.NASL", "ALA_ALAS-2015-471.NASL", "ALA_ALAS-2015-472.NASL", "ALA_ALAS-2015-473.NASL", "ALA_ALAS-2015-480.NASL", "ALA_ALAS-2015-493.NASL", "ALA_ALAS-2015-494.NASL", "ALA_ALAS-2015-550.NASL", "ALA_ALAS-2015-551.NASL", "ALA_ALAS-2015-564.NASL", "ALA_ALAS-2015-569.NASL", "ALA_ALAS-2015-570.NASL", "ALA_ALAS-2015-571.NASL", "ALA_ALAS-2015-578.NASL", "ALA_ALAS-2015-579.NASL", "ALA_ALAS-2015-586.NASL", "ALA_ALAS-2015-607.NASL", "ALA_ALAS-2015-608.NASL", "ALA_ALAS-2015-614.NASL", "ALA_ALAS-2015-618.NASL", "ALA_ALAS-2015-625.NASL", "ALA_ALAS-2016-643.NASL", "ALA_ALAS-2016-645.NASL", "ALA_ALAS-2016-647.NASL", "ALA_ALAS-2016-649.NASL", "ALA_ALAS-2016-651.NASL", "ALA_ALAS-2016-661.NASL", "ALA_ALAS-2016-682.NASL", "ALA_ALAS-2016-695.NASL", "ALA_ALAS-2016-701.NASL", "ALA_ALAS-2016-702.NASL", "ALA_ALAS-2016-708.NASL", "ALA_ALAS-2016-713.NASL", "ALA_ALAS-2016-723.NASL", "ALA_ALAS-2016-727.NASL", "ALA_ALAS-2016-729.NASL", "ALA_ALAS-2016-735.NASL", "ALA_ALAS-2016-737.NASL", "ALA_ALAS-2016-738.NASL", "ALA_ALAS-2016-748.NASL", "ALA_ALAS-2018-1009.NASL", "ALA_ALAS-2018-1016.NASL", "APACHE_2_4_16.NASL", "APACHE_TRAFFIC_SERVER_511.NASL", "APPLETV_7_0_1.NASL", "APPLE_IOS_81_CHECK.NBIN", "APPLE_IOS_84_CHECK.NBIN", "ARISTA_EOS_SA0018.NASL", "ARISTA_EOS_SA0019.NASL", "ARISTA_EOS_SA0020.NASL", "ASTERISK_AST_2014_011.NASL", "BLACKBERRY_10_3_1_1779.NBIN", "BLACKBERRY_ES_FREAK_KB36811.NASL", "BLUECOAT_PROXY_AV_3_5_4_1.NASL", "BLUECOAT_PROXY_SG_4_X_OPENSSL.NASL", "BLUECOAT_PROXY_SG_6_2_15_6.NASL", "BLUECOAT_PROXY_SG_6_4_6_4.NASL", "BLUECOAT_PROXY_SG_6_5_4_4.NASL", "BLUECOAT_PROXY_SG_6_5_6_2.NASL", "BLUECOAT_PROXY_SG_6_5_9_8.NASL", "CENTOS_RHSA-2014-0624.NASL", "CENTOS_RHSA-2014-0625.NASL", "CENTOS_RHSA-2014-0626.NASL", "CENTOS_RHSA-2014-1436.NASL", "CENTOS_RHSA-2014-1652.NASL", "CENTOS_RHSA-2014-1653.NASL", "CENTOS_RHSA-2014-1948.NASL", "CENTOS_RHSA-2015-0066.NASL", "CENTOS_RHSA-2015-0067.NASL", "CENTOS_RHSA-2015-0068.NASL", "CENTOS_RHSA-2015-0069.NASL", "CENTOS_RHSA-2015-0085.NASL", "CENTOS_RHSA-2015-0090.NASL", "CENTOS_RHSA-2015-0092.NASL", "CENTOS_RHSA-2015-0800.NASL", "CENTOS_RHSA-2015-1072.NASL", "CENTOS_RHSA-2015-1115.NASL", "CENTOS_RHSA-2015-1185.NASL", "CENTOS_RHSA-2015-1197.NASL", "CENTOS_RHSA-2015-1228.NASL", "CENTOS_RHSA-2015-1229.NASL", "CENTOS_RHSA-2015-1230.NASL", "CENTOS_RHSA-2015-1526.NASL", "CENTOS_RHSA-2015-1664.NASL", "CENTOS_RHSA-2015-1667.NASL", "CENTOS_RHSA-2015-1668.NASL", "CENTOS_RHSA-2015-1930.NASL", "CENTOS_RHSA-2015-1980.NASL", "CENTOS_RHSA-2015-1981.NASL", "CENTOS_RHSA-2015-2088.NASL", "CENTOS_RHSA-2015-2521.NASL", "CENTOS_RHSA-2015-2522.NASL", "CENTOS_RHSA-2015-2552.NASL", "CENTOS_RHSA-2015-2616.NASL", "CENTOS_RHSA-2015-2617.NASL", "CENTOS_RHSA-2015-2636.NASL", "CENTOS_RHSA-2015-2671.NASL", "CENTOS_RHSA-2016-0007.NASL", "CENTOS_RHSA-2016-0008.NASL", "CENTOS_RHSA-2016-0012.NASL", "CENTOS_RHSA-2016-0049.NASL", "CENTOS_RHSA-2016-0050.NASL", "CENTOS_RHSA-2016-0053.NASL", "CENTOS_RHSA-2016-0054.NASL", "CENTOS_RHSA-2016-0063.NASL", "CENTOS_RHSA-2016-0301.NASL", "CENTOS_RHSA-2016-0302.NASL", "CENTOS_RHSA-2016-0372.NASL", "CENTOS_RHSA-2016-0466.NASL", "CENTOS_RHSA-2016-0534.NASL", "CENTOS_RHSA-2016-0591.NASL", "CENTOS_RHSA-2016-0684.NASL", "CENTOS_RHSA-2016-0685.NASL", "CENTOS_RHSA-2016-0722.NASL", "CENTOS_RHSA-2016-0996.NASL", "CENTOS_RHSA-2016-1137.NASL", "CENTOS_RHSA-2016-1138.NASL", "CENTOS_RHSA-2016-1139.NASL", "CENTOS_RHSA-2016-1140.NASL", "CENTOS_RHSA-2016-1141.NASL", "CENTOS_RHSA-2016-1458.NASL", "CENTOS_RHSA-2016-1504.NASL", "CENTOS_RHSA-2016-1573.NASL", "CENTOS_RHSA-2016-1602.NASL", "CENTOS_RHSA-2016-1776.NASL", "CENTOS_RHSA-2016-2583.NASL", "CENTOS_RHSA-2017-2486.NASL", "CERBERUS_FTP_7_0_0_3.NASL", "CHECK_POINT_GAIA_SK103683.NASL", "CHECK_POINT_GAIA_SK104443.NASL", "CHECK_POINT_GAIA_SK106499.NASL", "CISCO-CSCUP22544-ACE.NASL", "CISCO-SA-20140605-OPENSSL-IOS.NASL", "CISCO-SA-20140605-OPENSSL-IOSXE.NASL", "CISCO-SA-20140605-OPENSSL-IOSXR.NASL", "CISCO-SA-20140605-OPENSSL-NXOS.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-CUCM.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "CISCO-SA-20150128-ACE.NASL", "CISCO-SA-20150128-GHOST-IOSXE_MULTI.NASL", "CISCO-SA-20150128-GHOST-IOSXE_NOVA.NASL", "CISCO-SA-20150128-GHOST-IOSXR_NCS6K.NASL", "CISCO-SA-20150128-GHOST-NXOS.NASL", "CISCO-SA-20150310-SSL-NXOS.NASL", "CISCO-SA-20150710-OPENSSL-VSG.NASL", "CISCO-SA-CSCUV26213-ASA-CX.NASL", "CISCO-SA-CSCUV26213-PRSM.NASL", "CISCO_ACE_A5_3_3.NASL", "CISCO_ANYCONNECT_3_1_5170.NASL", "CISCO_ANYCONNECT_3_1_5187.NASL", "CISCO_ANYCONNECT_3_1_7021.NASL", "CISCO_ANYCONNECT_CSCUX41420.NASL", "CISCO_ASA_CSCUP22532.NASL", "CISCO_CUCM_CSCUS66650-GHOST.NASL", "CISCO_CUPS_CSCUS69785.NASL", "CISCO_JABBER_CLIENT_CSCUP23913.NASL", "CISCO_SECURITY_MANAGER_CSCUX41352.NASL", "CISCO_TELEPRESENCE_CONDUCTOR_CSCUS69523.NASL", "CISCO_TELEPRESENCE_MCU_CSCUP23994.NASL", "CISCO_TELEPRESENCE_SUPERVISOR_8050_MSE_CSCUP22635.NASL", "CISCO_TELEPRESENCE_VCS_CSCUS69558.NASL", "CISCO_TELEPRESENCE_VCS_MULTIPLE_880.NASL", "CITRIX_XENSERVER_CTX202583.NASL", "CITRIX_XENSERVER_CTX212736.NASL", "CITRIX_XENSERVER_CTX220112.NASL", "CUPS_2_0_1.NASL", "DB2_101FP5.NASL", "DB2_105FP6.NASL", "DB2_105FP7_NIX.NASL", "DB2_105FP7_WIN.NASL", "DB2_97FP10_MULTI_VULN.NASL", "DEBIAN_DLA-132.NASL", "DEBIAN_DLA-139.NASL", "DEBIAN_DLA-157.NASL", "DEBIAN_DLA-247.NASL", "DEBIAN_DLA-274.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-284.NASL", "DEBIAN_DLA-288.NASL", "DEBIAN_DLA-303.NASL", "DEBIAN_DLA-315.NASL", "DEBIAN_DLA-335.NASL", "DEBIAN_DLA-344.NASL", "DEBIAN_DLA-354.NASL", "DEBIAN_DLA-358.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DLA-410.NASL", "DEBIAN_DLA-421.NASL", "DEBIAN_DLA-427.NASL", "DEBIAN_DLA-456.NASL", "DEBIAN_DLA-478.NASL", "DEBIAN_DLA-479.NASL", "DEBIAN_DLA-480.NASL", "DEBIAN_DLA-507.NASL", "DEBIAN_DLA-556.NASL", "DEBIAN_DLA-559.NASL", "DEBIAN_DLA-567.NASL", "DEBIAN_DLA-579.NASL", "DEBIAN_DLA-81.NASL", "DEBIAN_DSA-2686.NASL", "DEBIAN_DSA-2950.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3125.NASL", "DEBIAN_DSA-3142.NASL", "DEBIAN_DSA-3144.NASL", "DEBIAN_DSA-3147.NASL", "DEBIAN_DSA-3253.NASL", "DEBIAN_DSA-3287.NASL", "DEBIAN_DSA-3300.NASL", "DEBIAN_DSA-3316.NASL", "DEBIAN_DSA-3324.NASL", "DEBIAN_DSA-3325.NASL", "DEBIAN_DSA-3336.NASL", "DEBIAN_DSA-3339.NASL", "DEBIAN_DSA-3388.NASL", "DEBIAN_DSA-3393.NASL", "DEBIAN_DSA-3406.NASL", "DEBIAN_DSA-3410.NASL", "DEBIAN_DSA-3413.NASL", "DEBIAN_DSA-3414.NASL", "DEBIAN_DSA-3426-1.NASL", "DEBIAN_DSA-3436.NASL", "DEBIAN_DSA-3437.NASL", "DEBIAN_DSA-3454.NASL", "DEBIAN_DSA-3457.NASL", "DEBIAN_DSA-3458.NASL", "DEBIAN_DSA-3465.NASL", "DEBIAN_DSA-3489.NASL", "DEBIAN_DSA-3491.NASL", "DEBIAN_DSA-3500.NASL", "DEBIAN_DSA-3566.NASL", "DEBIAN_DSA-3624.NASL", "DEBIAN_DSA-3625.NASL", "DEBIAN_DSA-3629.NASL", "DEBIAN_DSA-3632.NASL", "DEBIAN_DSA-3641.NASL", "DEBIAN_DSA-3688.NASL", "DEBIAN_DSA-5103.NASL", "EMC_DOCUMENTUM_CONTENT_SERVER_ESA-2014-079.NASL", "EULEROS_SA-2016-1017.NASL", "EULEROS_SA-2016-1025.NASL", "EULEROS_SA-2016-1032.NASL", "EULEROS_SA-2016-1035.NASL", "EULEROS_SA-2016-1060.NASL", "EULEROS_SA-2017-1039.NASL", "EULEROS_SA-2017-1040.NASL", "EULEROS_SA-2017-1124.NASL", "EULEROS_SA-2017-1125.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2018-1179.NASL", "EULEROS_SA-2019-1386.NASL", "EULEROS_SA-2019-1388.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1419.NASL", "EULEROS_SA-2019-1488.NASL", "EULEROS_SA-2019-1536.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1547.NASL", "EULEROS_SA-2019-1548.NASL", "EULEROS_SA-2019-1551.NASL", "EULEROS_SA-2019-1553.NASL", "EULEROS_SA-2019-1555.NASL", "EULEROS_SA-2019-1556.NASL", "EULEROS_SA-2019-1861.NASL", "EULEROS_SA-2019-1980.NASL", "EULEROS_SA-2019-2215.NASL", "EULEROS_SA-2019-2217.NASL", "EULEROS_SA-2019-2271.NASL", "EULEROS_SA-2019-2509.NASL", "EULEROS_SA-2019-2643.NASL", "EULEROS_SA-2020-1210.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1637.NASL", "EULEROS_SA-2020-1774.NASL", "EULEROS_SA-2020-2076.NASL", "EULEROS_SA-2020-2374.NASL", "EULEROS_SA-2022-1434.NASL", "EULEROS_SA-2022-1455.NASL", "EULEROS_SA-2022-1612.NASL", "EULEROS_SA-2022-1635.NASL", "EULEROS_SA-2022-1649.NASL", "EULEROS_SA-2022-1663.NASL", "EULEROS_SA-2022-2032.NASL", "EULEROS_SA-2022-2060.NASL", "F5_BIGIP_SOL02201365.NASL", "F5_BIGIP_SOL05016441.NASL", "F5_BIGIP_SOL05046514.NASL", "F5_BIGIP_SOL10065173.NASL", "F5_BIGIP_SOL10600056.NASL", "F5_BIGIP_SOL11251130.NASL", "F5_BIGIP_SOL12824341.NASL", "F5_BIGIP_SOL14638.NASL", "F5_BIGIP_SOL15325.NASL", "F5_BIGIP_SOL16057.NASL", "F5_BIGIP_SOL16123.NASL", "F5_BIGIP_SOL16126.NASL", "F5_BIGIP_SOL16135.NASL", "F5_BIGIP_SOL16136.NASL", "F5_BIGIP_SOL16139.NASL", "F5_BIGIP_SOL16674.NASL", "F5_BIGIP_SOL16864.NASL", "F5_BIGIP_SOL16898.NASL", "F5_BIGIP_SOL16913.NASL", "F5_BIGIP_SOL16914.NASL", "F5_BIGIP_SOL17113.NASL", "F5_BIGIP_SOL17251.NASL", "F5_BIGIP_SOL17566.NASL", "F5_BIGIP_SOL20804323.NASL", "F5_BIGIP_SOL22334603.NASL", "F5_BIGIP_SOL23196136.NASL", "F5_BIGIP_SOL23230229.NASL", "F5_BIGIP_SOL25075696.NASL", "F5_BIGIP_SOL31026324.NASL", "F5_BIGIP_SOL31372672.NASL", "F5_BIGIP_SOL33209124.NASL", "F5_BIGIP_SOL36488941.NASL", "F5_BIGIP_SOL40524634.NASL", "F5_BIGIP_SOL43205719.NASL", "F5_BIGIP_SOL44512851.NASL", "F5_BIGIP_SOL51920288.NASL", "F5_BIGIP_SOL52349521.NASL", "F5_BIGIP_SOL63675293.NASL", "F5_BIGIP_SOL64505405.NASL", "F5_BIGIP_SOL71245322.NASL", "F5_BIGIP_SOL75152412.NASL", "F5_BIGIP_SOL79215841.NASL", "F5_BIGIP_SOL86772626.NASL", "F5_BIGIP_SOL93122894.NASL", "F5_BIGIP_SOL93600123.NASL", "F5_BIGIP_SOL95463126.NASL", "FEDORA_2013-9070.NASL", "FEDORA_2013-9156.NASL", "FEDORA_2014-12951.NASL", "FEDORA_2014-13012.NASL", "FEDORA_2014-13069.NASL", "FEDORA_2014-13399.NASL", "FEDORA_2014-13647.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FEDORA_2014-13781.NASL", "FEDORA_2014-13794.NASL", "FEDORA_2014-14217.NASL", "FEDORA_2014-14234.NASL", "FEDORA_2014-14237.NASL", "FEDORA_2014-15379.NASL", "FEDORA_2014-15390.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17576.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2014-7101.NASL", "FEDORA_2014-7102.NASL", "FEDORA_2014-9301.NASL", "FEDORA_2014-9308.NASL", "FEDORA_2015-0512.NASL", "FEDORA_2015-0601.NASL", "FEDORA_2015-10047.NASL", "FEDORA_2015-10108.NASL", "FEDORA_2015-10155.NASL", "FEDORA_2015-11414.NASL", "FEDORA_2015-11475.NASL", "FEDORA_2015-115C302856.NASL", "FEDORA_2015-11689.NASL", "FEDORA_2015-11792.NASL", "FEDORA_2015-11981.NASL", "FEDORA_2015-13469.NASL", "FEDORA_2015-15899.NASL", "FEDORA_2015-15907.NASL", "FEDORA_2015-2315.NASL", "FEDORA_2015-2328.NASL", "FEDORA_2015-394835A3F6.NASL", "FEDORA_2015-605DE37B7F.NASL", "FEDORA_2015-668D213DC3.NASL", "FEDORA_2015-77BFBC1BCD.NASL", "FEDORA_2015-9048.NASL", "FEDORA_2015-9090.NASL", "FEDORA_2015-9110.NASL", "FEDORA_2015-9130.NASL", "FEDORA_2015-9161.NASL", "FEDORA_2015-CD94AD8D7C.NASL", "FEDORA_2015-D87D60B9A9.NASL", "FEDORA_2015-F150B2A8C8.NASL", "FEDORA_2015-F2C534BC12.NASL", "FEDORA_2015-F5F5EC7B6B.NASL", "FEDORA_2016-05C567DF1A.NASL", "FEDORA_2016-1411324654.NASL", "FEDORA_2016-1AAF308DE4.NASL", "FEDORA_2016-1E39D934ED.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-2802690366.NASL", "FEDORA_2016-34BC10A2C8.NASL", "FEDORA_2016-527018D2FF.NASL", "FEDORA_2016-5B2EB0BF9C.NASL", "FEDORA_2016-777D838C1B.NASL", "FEDORA_2016-7C48036D73.NASL", "FEDORA_2016-8BB1932088.NASL", "FEDORA_2016-95EDF19D8A.NASL", "FEDORA_2016-B3B9407940.NASL", "FEDORA_2016-C558E58B21.NASL", "FEDORA_2016-D717FDCF74.NASL", "FEDORA_2016-E1234B65A2.NASL", "FEDORA_2016-E6807B3394.NASL", "FEDORA_2016-ED8C6C0426.NASL", "FEDORA_2017-6A0389A6A7.NASL", "FEDORA_2017-9899ABA20E.NASL", "FIREEYE_OS_SB001.NASL", "FORTICLIENT_5_0_10.NASL", "FORTINET_FG-IR-14-018.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_03175E62549411E49CC1BC5FF4FB5E7B.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_075952FE267E11E59D033C970E169BC2.NASL", "FREEBSD_PKG_0765DE84A6C111E4A0C1C485083CA99C.NASL", "FREEBSD_PKG_0DAD911460CC11E49E840022156E8794.NASL", "FREEBSD_PKG_10F7BC7603354A88B3910B05B3A8CE1C.NASL", "FREEBSD_PKG_1AAAA5C6804D11EC8BE6D4C9EF517024.NASL", "FREEBSD_PKG_215E740E9C5611E590E7B499BAEBFEAF.NASL", "FREEBSD_PKG_2438D4AF153811E5A1063C970E169BC2.NASL", "FREEBSD_PKG_29083F8E2CA811E586FF14DAE9D210B8.NASL", "FREEBSD_PKG_2CABFBAB8BFB11E5BD18002590263BF5.NASL", "FREEBSD_PKG_2EEBEBFFCD3B11E28F09001B38C3836C.NASL", "FREEBSD_PKG_3679FD10C5D111E5B85F0018FE623F2B.NASL", "FREEBSD_PKG_384FC0B2014411E58FDA002590263BF5.NASL", "FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_44D9DAEE940C417986BB6E3FFD617869.NASL", "FREEBSD_PKG_4AF92A40DB3311E6AE1B002590263BF5.NASL", "FREEBSD_PKG_4C8D1D729B3811E5AECED050996490D0.NASL", "FREEBSD_PKG_4E536C14979111E4977DD050992ECDE8.NASL", "FREEBSD_PKG_4EAE4F46B5CE11E58A2BD050996490D0.NASL", "FREEBSD_PKG_5237F5D7C02011E5B397D050996490D0.NASL", "FREEBSD_PKG_5AC53801EC2E11E39CF33C970E169BC2.NASL", "FREEBSD_PKG_5B74A5BC348F11E5BA05C80AA9043978.NASL", "FREEBSD_PKG_67B3FEF22BEA11E586FF14DAE9D210B8.NASL", "FREEBSD_PKG_6D33B3E5EA0311E585BE14DAE9D210B8.NASL", "FREEBSD_PKG_750915166F4B405998846727023DC366.NASL", "FREEBSD_PKG_76C7A0F5592811E4ADC7001999F8D30B.NASL", "FREEBSD_PKG_7B1A4A27600A11E6A6C314DAE9D210B8.NASL", "FREEBSD_PKG_8305E215108011E58BA2000C2980A9F3.NASL", "FREEBSD_PKG_8C2B2F110EBE11E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_9D04936C75F14A2C9ADE4C1708BE5DF9.NASL", "FREEBSD_PKG_9D15355BCE7C11E49DB0D050992ECDE8.NASL", "FREEBSD_PKG_9F7A0F39DDC011E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_A12494C12AF411E586FF14DAE9D210B8.NASL", "FREEBSD_PKG_A8EC4DB7A39811E585E914DAE9D210B8.NASL", "FREEBSD_PKG_B2487D9A0C3011E6ACD0D050996490D0.NASL", "FREEBSD_PKG_C4A18A1277FC11E5A687206A8A720317.NASL", "FREEBSD_PKG_CA5CB2024F5111E6B2ECB499BAEBFEAF.NASL", "FREEBSD_PKG_E05BFC92076311E694FA002590263BF5.NASL", "FREEBSD_PKG_F7A9E415BDCA11E4970C000C292EE6B8.NASL", "FREEBSD_PKG_F9C388C5A25611E4992A7B2A515A1247.NASL", "GENTOO_GLSA-201210-05.NASL", "GENTOO_GLSA-201405-07.NASL", "GENTOO_GLSA-201406-19.NASL", "GENTOO_GLSA-201407-05.NASL", "GENTOO_GLSA-201411-10.NASL", "GENTOO_GLSA-201503-04.NASL", "GENTOO_GLSA-201503-11.NASL", "GENTOO_GLSA-201504-01.NASL", "GENTOO_GLSA-201506-02.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201507-15.NASL", "GENTOO_GLSA-201509-02.NASL", "GENTOO_GLSA-201512-04.NASL", "GENTOO_GLSA-201512-10.NASL", "GENTOO_GLSA-201601-05.NASL", "GENTOO_GLSA-201603-11.NASL", "GENTOO_GLSA-201603-15.NASL", "GENTOO_GLSA-201605-06.NASL", "GENTOO_GLSA-201606-11.NASL", "GENTOO_GLSA-201607-01.NASL", "GENTOO_GLSA-201607-15.NASL", "GENTOO_GLSA-201610-01.NASL", "GENTOO_GLSA-201610-02.NASL", "GENTOO_GLSA-201610-08.NASL", "GENTOO_GLSA-201612-16.NASL", "GENTOO_GLSA-201701-43.NASL", "GENTOO_GLSA-201701-46.NASL", "GENTOO_GLSA-201706-18.NASL", "GENTOO_GLSA-201801-15.NASL", "GLASSFISH_CPU_APR_2015.NASL", "GLASSFISH_CPU_APR_2016.NASL", "GLASSFISH_CVE-2015-3237.NASL", "GLASSFISH_CVE-2016-3608.NASL", "GLASSFISH_CVE-2016-5477.NASL", "HPSMH_7_2_6.NASL", "HPSMH_7_3_3_1.NASL", "HPSMH_7_4_1.NASL", "HPSMH_7_5.NASL", "HPSMH_7_5_4.NASL", "HPSMH_7_5_5.NASL", "HPSMH_7_6.NASL", "HP_DATA_PROTECTOR_HPSBGN03580.NASL", "HP_LASERJET_HPSBPI03107.NASL", "HP_OFFICEJET_HPSBPI03107.NASL", "HP_ONBOARD_ADMIN_4_22.NASL", "HP_ONEVIEW_1_10.NASL", "HP_SITESCOPE_HPSBMU03184.NASL", "HP_SUM_6_4_1.NASL", "HP_SYSTEMS_INSIGHT_MANAGER_73_HOTFIX_34.NASL", "HP_VCA_SSRT101614-RHEL.NASL", "HP_VCA_SSRT101614-SLES.NASL", "HP_VCA_SSRT101614.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_NIX.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "IBM_DOMINO_SWG21693142.NASL", "IBM_GPFS_ISG3T1020948_WINDOWS.NASL", "IBM_GPFS_ISG3T1021546_WINDOWS.NASL", "IBM_HTTP_SERVER_257477.NASL", "IBM_HTTP_SERVER_260001.NASL", "IBM_HTTP_SERVER_521711.NASL", "IBM_HTTP_SERVER_533835.NASL", "IBM_HTTP_SERVER_533837.NASL", "IBM_HTTP_SERVER_569301.NASL", "IBM_HTTP_SERVER_BAR_MITZVAH.NASL", "IBM_JAVA_2016_01_19.NASL", "IBM_JAVA_2016_07_19.NASL", "IBM_JAVA_2018_08_01.NASL", "IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL", "IBM_STORWIZE_CVE_2015_2808.NASL", "IBM_TEM_9_1_1117_0.NASL", "IPLANET_WEB_PROXY_4_0_27.NASL", "JBOSS_JAVA_SERIALIZE.NASL", "JIRA_6_4_10.NASL", "JUNIPER_JSA10629.NASL", "JUNIPER_JSA10679.NASL", "JUNIPER_JSA10759.NASL", "JUNIPER_NSM_JSA10679.NASL", "JUNIPER_SPACE_JSA10659.NASL", "JUNIPER_SPACE_JSA10727.NASL", "JUNIPER_SPACE_JSA_10826.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "JUNOS_PULSE_JSA10629.NASL", "LCE_4_8_1.NASL", "LEXMARK_PRINTER_TE701.NASL", "LIBREOFFICE_423.NASL", "MACOSX_10_10.NASL", "MACOSX_10_10_2.NASL", "MACOSX_10_10_3.NASL", "MACOSX_10_10_4.NASL", "MACOSX_10_10_5.NASL", "MACOSX_10_11.NASL", "MACOSX_10_11_1.NASL", "MACOSX_10_11_4.NASL", "MACOSX_10_11_6.NASL", "MACOSX_10_9_5.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_5170.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_5187.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_7021.NASL", "MACOSX_CISCO_ANYCONNECT_CSCUX41420.NASL", "MACOSX_FIREFOX_31_8_ESR.NASL", "MACOSX_FIREFOX_38_1_ESR.NASL", "MACOSX_FIREFOX_38_4_ESR.NASL", "MACOSX_FIREFOX_39_0.NASL", "MACOSX_FIREFOX_42.NASL", "MACOSX_FIREFOX_44.NASL", "MACOSX_FUSION_6_0_4.NASL", "MACOSX_GOOGLE_CHROME_41_0_2272_76.NASL", "MACOSX_LIBREOFFICE_423.NASL", "MACOSX_OPERA_28_0_1750_40.NASL", "MACOSX_SECUPD2014-004.NASL", "MACOSX_SECUPD2014-005.NASL", "MACOSX_SECUPD2015-001.NASL", "MACOSX_SECUPD2015-004.NASL", "MACOSX_SECUPD2015-005.NASL", "MACOSX_SECUPD2015-006.NASL", "MACOSX_SECUPD2015-007.NASL", "MACOSX_SERVER_2_2_5.NASL", "MACOSX_SERVER_3_2_2.NASL", "MACOSX_SERVER_4_0.NASL", "MACOSX_SERVER_4_1.NASL", "MACOSX_SERVER_5_0_3.NASL", "MACOSX_THUNDERBIRD_38_1.NASL", "MACOSX_THUNDERBIRD_38_4.NASL", "MACOSX_VMWARE_HORIZON_VIEW_CLIENT_VMSA_2014_0006.NASL", "MACOSX_VMWARE_OVFTOOL_VMSA_2014_0006.NASL", "MACOSX_XCODE_7_0.NASL", "MACOSX_XCODE_81.NASL", "MACOS_10_14.NASL", "MANDRIVA_MDVSA-2012-128.NASL", "MANDRIVA_MDVSA-2013-032.NASL", "MANDRIVA_MDVSA-2013-270.NASL", "MANDRIVA_MDVSA-2014-106.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MANDRIVA_MDVSA-2014-218.NASL", "MANDRIVA_MDVSA-2014-252.NASL", "MANDRIVA_MDVSA-2015-019.NASL", "MANDRIVA_MDVSA-2015-033.NASL", "MANDRIVA_MDVSA-2015-039.NASL", "MANDRIVA_MDVSA-2015-062.NASL", "MANDRIVA_MDVSA-2015-063.NASL", "MANDRIVA_MDVSA-2015-093.NASL", "MANDRIVA_MDVSA-2015-198.NASL", "MARIADB_10_0_13.NASL", "MARIADB_10_0_25.NASL", "MARIADB_10_1_14.NASL", "MARIADB_10_1_9.NASL", "MARIADB_5_5_49.NASL", "MCAFEE_EMAIL_GATEWAY_SB10075.NASL", "MCAFEE_EPO_SB10075.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL", "MCAFEE_VSEL_SB10075.NASL", "MCAFEE_WEB_GATEWAY_SB10075.NASL", "MOZILLA_FIREFOX_31_8_ESR.NASL", "MOZILLA_FIREFOX_38_1_ESR.NASL", "MOZILLA_FIREFOX_38_4_ESR.NASL", "MOZILLA_FIREFOX_39_0.NASL", "MOZILLA_FIREFOX_42.NASL", "MOZILLA_FIREFOX_44.NASL", "MOZILLA_THUNDERBIRD_38_1.NASL", "MOZILLA_THUNDERBIRD_38_4.NASL", "MYSQL_5_5_46_RPM.NASL", "MYSQL_5_5_49_RPM.NASL", "MYSQL_5_5_50.NASL", "MYSQL_5_5_50_RPM.NASL", "MYSQL_5_6_20.NASL", "MYSQL_5_6_23.NASL", "MYSQL_5_6_26_RPM.NASL", "MYSQL_5_6_27.NASL", "MYSQL_5_6_27_RPM.NASL", "MYSQL_5_6_29.NASL", "MYSQL_5_6_29_RPM.NASL", "MYSQL_5_6_30.NASL", "MYSQL_5_6_30_RPM.NASL", "MYSQL_5_6_31.NASL", "MYSQL_5_6_31_RPM.NASL", "MYSQL_5_7_11.NASL", "MYSQL_5_7_11_RPM.NASL", "MYSQL_5_7_12.NASL", "MYSQL_5_7_12_RPM.NASL", "MYSQL_5_7_13.NASL", "MYSQL_5_7_13_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_5_7958.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_6_7959.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_2_1075.NASL", "MYSQL_ES_5_6_29.NASL", "NESSUS_TNS_2015_07.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0111_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0146_OPENSSH-LATEST.NASL", "NTP_4_2_8P4.NASL", "NTP_4_2_8P5.NASL", "NTP_4_2_8P6.NASL", "NTP_4_2_8P7.NASL", "OPENSSH_70.NASL", "OPENSSH_MAXAUTHTRIES_BRUTEFORCE.NASL", "OPENSSL_0_9_8ZA.NASL", "OPENSSL_0_9_8ZC.NASL", "OPENSSL_0_9_8ZD.NASL", "OPENSSL_0_9_8ZG.NASL", "OPENSSL_0_9_8ZH.NASL", "OPENSSL_1_0_0M.NASL", "OPENSSL_1_0_0O.NASL", "OPENSSL_1_0_0P.NASL", "OPENSSL_1_0_0S.NASL", "OPENSSL_1_0_0T.NASL", "OPENSSL_1_0_1H.NASL", "OPENSSL_1_0_1J.NASL", "OPENSSL_1_0_1K.NASL", "OPENSSL_1_0_1N.NASL", "OPENSSL_1_0_1O.NASL", "OPENSSL_1_0_1P.NASL", "OPENSSL_1_0_1Q.NASL", "OPENSSL_1_0_1R.NASL", "OPENSSL_1_0_1S.NASL", "OPENSSL_1_0_1T.NASL", "OPENSSL_1_0_2B.NASL", "OPENSSL_1_0_2C.NASL", "OPENSSL_1_0_2D.NASL", "OPENSSL_1_0_2E.NASL", "OPENSSL_1_0_2F.NASL", "OPENSSL_1_0_2G.NASL", "OPENSSL_1_0_2H.NASL", "OPENSSL_1_0_2K.NASL", "OPENSSL_1_0_2ZC_DEV.NASL", "OPENSSL_1_1_0D.NASL", "OPENSSL_1_1_1M.NASL", "OPENSSL_AES_NI_PADDING_ORACLE.NASL", "OPENSSL_CCS.NASL", "OPENSSL_CCS_1_0_1.NASL", "OPENSUSE-2012-408.NASL", "OPENSUSE-2013-486.NASL", "OPENSUSE-2014-410.NASL", "OPENSUSE-2014-605.NASL", "OPENSUSE-2014-640.NASL", "OPENSUSE-2014-647.NASL", "OPENSUSE-2014-671.NASL", "OPENSUSE-2015-116.NASL", "OPENSUSE-2015-191.NASL", "OPENSUSE-2015-446.NASL", "OPENSUSE-2015-447.NASL", "OPENSUSE-2015-474.NASL", "OPENSUSE-2015-479.NASL", "OPENSUSE-2015-480.NASL", "OPENSUSE-2015-495.NASL", "OPENSUSE-2015-507.NASL", "OPENSUSE-2015-511.NASL", "OPENSUSE-2015-512.NASL", "OPENSUSE-2015-635.NASL", "OPENSUSE-2015-67.NASL", "OPENSUSE-2015-718.NASL", "OPENSUSE-2015-767.NASL", "OPENSUSE-2015-84.NASL", "OPENSUSE-2015-877.NASL", "OPENSUSE-2015-879.NASL", "OPENSUSE-2015-885.NASL", "OPENSUSE-2015-889.NASL", "OPENSUSE-2015-892.NASL", "OPENSUSE-2015-893.NASL", "OPENSUSE-2015-908.NASL", "OPENSUSE-2015-91.NASL", "OPENSUSE-2015-911.NASL", "OPENSUSE-2015-916.NASL", "OPENSUSE-2015-940.NASL", "OPENSUSE-2015-978.NASL", "OPENSUSE-2016-102.NASL", "OPENSUSE-2016-104.NASL", "OPENSUSE-2016-105.NASL", "OPENSUSE-2016-106.NASL", "OPENSUSE-2016-1064.NASL", "OPENSUSE-2016-1068.NASL", "OPENSUSE-2016-107.NASL", "OPENSUSE-2016-1087.NASL", "OPENSUSE-2016-110.NASL", "OPENSUSE-2016-115.NASL", "OPENSUSE-2016-1156.NASL", "OPENSUSE-2016-124.NASL", "OPENSUSE-2016-126.NASL", "OPENSUSE-2016-1274.NASL", "OPENSUSE-2016-128.NASL", "OPENSUSE-2016-1283.NASL", "OPENSUSE-2016-1289.NASL", "OPENSUSE-2016-129.NASL", "OPENSUSE-2016-131.NASL", "OPENSUSE-2016-1339.NASL", "OPENSUSE-2016-136.NASL", "OPENSUSE-2016-154.NASL", "OPENSUSE-2016-203.NASL", "OPENSUSE-2016-215.NASL", "OPENSUSE-2016-218.NASL", "OPENSUSE-2016-225.NASL", "OPENSUSE-2016-282.NASL", "OPENSUSE-2016-288.NASL", "OPENSUSE-2016-289.NASL", "OPENSUSE-2016-292.NASL", "OPENSUSE-2016-294.NASL", "OPENSUSE-2016-327.NASL", "OPENSUSE-2016-34.NASL", "OPENSUSE-2016-445.NASL", "OPENSUSE-2016-561.NASL", "OPENSUSE-2016-562.NASL", "OPENSUSE-2016-563.NASL", "OPENSUSE-2016-564.NASL", "OPENSUSE-2016-565.NASL", "OPENSUSE-2016-575.NASL", "OPENSUSE-2016-578.NASL", "OPENSUSE-2016-59.NASL", "OPENSUSE-2016-599.NASL", "OPENSUSE-2016-6.NASL", "OPENSUSE-2016-60.NASL", "OPENSUSE-2016-604.NASL", "OPENSUSE-2016-607.NASL", "OPENSUSE-2016-649.NASL", "OPENSUSE-2016-715.NASL", "OPENSUSE-2016-92.NASL", "OPENSUSE-2016-944.NASL", "OPENSUSE-2016-976.NASL", "OPENSUSE-2016-977.NASL", "OPENSUSE-2016-978.NASL", "OPENSUSE-2016-982.NASL", "OPENSUSE-2016-988.NASL", "OPENSUSE-2017-1381.NASL", "OPENSUSE-2017-255.NASL", "OPENSUSE-2017-459.NASL", "OPENSUSE-2017-560.NASL", "OPENSUSE-2017-561.NASL", "ORACLELINUX_ELSA-2014-0624.NASL", "ORACLELINUX_ELSA-2014-0625.NASL", "ORACLELINUX_ELSA-2014-0626.NASL", "ORACLELINUX_ELSA-2014-0679.NASL", "ORACLELINUX_ELSA-2014-0680.NASL", "ORACLELINUX_ELSA-2014-1652.NASL", "ORACLELINUX_ELSA-2014-1653.NASL", "ORACLELINUX_ELSA-2014-1948.NASL", "ORACLELINUX_ELSA-2014-3040.NASL", "ORACLELINUX_ELSA-2015-0066.NASL", "ORACLELINUX_ELSA-2015-0067.NASL", "ORACLELINUX_ELSA-2015-0068.NASL", "ORACLELINUX_ELSA-2015-0069.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2015-0090.NASL", "ORACLELINUX_ELSA-2015-0092.NASL", "ORACLELINUX_ELSA-2015-0101.NASL", "ORACLELINUX_ELSA-2015-0800.NASL", "ORACLELINUX_ELSA-2015-1072.NASL", "ORACLELINUX_ELSA-2015-1115.NASL", "ORACLELINUX_ELSA-2015-1185.NASL", "ORACLELINUX_ELSA-2015-1197.NASL", "ORACLELINUX_ELSA-2015-1228.NASL", "ORACLELINUX_ELSA-2015-1229.NASL", "ORACLELINUX_ELSA-2015-1230.NASL", "ORACLELINUX_ELSA-2015-1526.NASL", "ORACLELINUX_ELSA-2015-1664.NASL", "ORACLELINUX_ELSA-2015-1667.NASL", "ORACLELINUX_ELSA-2015-1668.NASL", "ORACLELINUX_ELSA-2015-1930.NASL", "ORACLELINUX_ELSA-2015-1980.NASL", "ORACLELINUX_ELSA-2015-1981.NASL", "ORACLELINUX_ELSA-2015-2088.NASL", "ORACLELINUX_ELSA-2015-2521.NASL", "ORACLELINUX_ELSA-2015-2522.NASL", "ORACLELINUX_ELSA-2015-2552.NASL", "ORACLELINUX_ELSA-2015-2616.NASL", "ORACLELINUX_ELSA-2015-2617.NASL", "ORACLELINUX_ELSA-2015-2636.NASL", "ORACLELINUX_ELSA-2015-2671.NASL", "ORACLELINUX_ELSA-2015-3107.NASL", "ORACLELINUX_ELSA-2016-0007.NASL", "ORACLELINUX_ELSA-2016-0008.NASL", "ORACLELINUX_ELSA-2016-0012.NASL", "ORACLELINUX_ELSA-2016-0049.NASL", "ORACLELINUX_ELSA-2016-0050.NASL", "ORACLELINUX_ELSA-2016-0053.NASL", "ORACLELINUX_ELSA-2016-0054.NASL", "ORACLELINUX_ELSA-2016-0063.NASL", "ORACLELINUX_ELSA-2016-0301.NASL", "ORACLELINUX_ELSA-2016-0302.NASL", "ORACLELINUX_ELSA-2016-0372.NASL", "ORACLELINUX_ELSA-2016-0466.NASL", "ORACLELINUX_ELSA-2016-0534.NASL", "ORACLELINUX_ELSA-2016-0591.NASL", "ORACLELINUX_ELSA-2016-0684.NASL", "ORACLELINUX_ELSA-2016-0685.NASL", "ORACLELINUX_ELSA-2016-0722.NASL", "ORACLELINUX_ELSA-2016-0996.NASL", "ORACLELINUX_ELSA-2016-1137.NASL", "ORACLELINUX_ELSA-2016-1138.NASL", "ORACLELINUX_ELSA-2016-1139.NASL", "ORACLELINUX_ELSA-2016-1140.NASL", "ORACLELINUX_ELSA-2016-1141.NASL", "ORACLELINUX_ELSA-2016-1458.NASL", "ORACLELINUX_ELSA-2016-1504.NASL", "ORACLELINUX_ELSA-2016-1573.NASL", "ORACLELINUX_ELSA-2016-1602.NASL", "ORACLELINUX_ELSA-2016-1776.NASL", "ORACLELINUX_ELSA-2016-2583.NASL", "ORACLELINUX_ELSA-2016-3502.NASL", "ORACLELINUX_ELSA-2016-3503.NASL", "ORACLELINUX_ELSA-2016-3531.NASL", "ORACLELINUX_ELSA-2016-3576.NASL", "ORACLELINUX_ELSA-2017-2486.NASL", "ORACLEVM_OVMSA-2014-0007.NASL", "ORACLEVM_OVMSA-2014-0008.NASL", "ORACLEVM_OVMSA-2014-0032.NASL", "ORACLEVM_OVMSA-2014-0037.NASL", "ORACLEVM_OVMSA-2014-0038.NASL", "ORACLEVM_OVMSA-2014-0039.NASL", "ORACLEVM_OVMSA-2014-0040.NASL", "ORACLEVM_OVMSA-2014-0041.NASL", "ORACLEVM_OVMSA-2015-0005.NASL", "ORACLEVM_OVMSA-2015-0022.NASL", "ORACLEVM_OVMSA-2015-0023.NASL", "ORACLEVM_OVMSA-2015-0024.NASL", "ORACLEVM_OVMSA-2015-0029.NASL", "ORACLEVM_OVMSA-2015-0030.NASL", "ORACLEVM_OVMSA-2015-0065.NASL", "ORACLEVM_OVMSA-2015-0068.NASL", "ORACLEVM_OVMSA-2015-0070.NASL", "ORACLEVM_OVMSA-2015-0140.NASL", "ORACLEVM_OVMSA-2015-0145.NASL", "ORACLEVM_OVMSA-2015-0154.NASL", "ORACLEVM_OVMSA-2015-0155.NASL", "ORACLEVM_OVMSA-2016-0001.NASL", "ORACLEVM_OVMSA-2016-0006.NASL", "ORACLEVM_OVMSA-2016-0007.NASL", "ORACLEVM_OVMSA-2016-0013.NASL", "ORACLEVM_OVMSA-2016-0031.NASL", "ORACLEVM_OVMSA-2016-0037.NASL", "ORACLEVM_OVMSA-2016-0038.NASL", "ORACLEVM_OVMSA-2016-0049.NASL", "ORACLEVM_OVMSA-2016-0065.NASL", "ORACLEVM_OVMSA-2016-0066.NASL", "ORACLEVM_OVMSA-2016-0070.NASL", "ORACLEVM_OVMSA-2016-0071.NASL", "ORACLEVM_OVMSA-2016-0082.NASL", "ORACLEVM_OVMSA-2016-0086.NASL", "ORACLEVM_OVMSA-2016-0135.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0165.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLE_ACCESS_MANAGER_WEBGATE_CVE_2016_2107.NBIN", "ORACLE_BI_PUBLISHER_APR_2018_CPU.NASL", "ORACLE_BI_PUBLISHER_JUL_2016_CPU.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2016.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2014.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2015.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2016.NASL", "ORACLE_E-BUSINESS_CPU_OCT_2016.NASL", "ORACLE_EIDS_CPU_OCT_2014.NASL", "ORACLE_ENTERPRISE_MANAGER_JAN_2016_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JAN_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2016_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2021_CPU.NASL", "ORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_OCT_2018.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_HTTP_SERVER_CPU_JUL_2016.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_JAN_2018.NASL", "ORACLE_JAVA_CPU_APR_2015.NASL", "ORACLE_JAVA_CPU_APR_2015_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2015.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2016.NASL", "ORACLE_JAVA_CPU_JAN_2016_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2015.NASL", "ORACLE_JAVA_CPU_JUL_2015_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2016.NASL", "ORACLE_JAVA_CPU_JUL_2016_UNIX.NASL", "ORACLE_JDEVELOPER_CPU_JULY_2016.NASL", "ORACLE_JROCKIT_CPU_APR_2015.NASL", "ORACLE_JROCKIT_CPU_JAN_2015.NASL", "ORACLE_JROCKIT_CPU_JAN_2016.NASL", "ORACLE_JROCKIT_CPU_JUL_2015.NASL", "ORACLE_JROCKIT_CPU_JUL_2016.NASL", "ORACLE_OATS_CPU_APR_2016.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JUL_2017.NASL", "ORACLE_RDBMS_CPU_JUL_2016.NASL", "ORACLE_RDBMS_CPU_JUL_2017.NASL", "ORACLE_RDBMS_CPU_OCT_2012.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2016_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2014_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2015_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL", "ORACLE_VIRTUALBOX_JAN_2015_CPU.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2018.NBIN", "ORACLE_WEBCENTER_SITES_APR_2017_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2015.NBIN", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2017.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2016.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2016.NASL", "OT_500473.NASL", "PALO_ALTO_PAN-SA-2014-0003.NASL", "PALO_ALTO_PAN-SA-2015-0002.NASL", "PALO_ALTO_PAN-SA-2016-0027_REMOTE.NASL", "PCI_RC4_SUPPORTED.NASL", "PCI_WEAK_DH_UNDER_2048.NASL", "PFSENSE_SA-14_07.NASL", "PFSENSE_SA-15_06.NASL", "PFSENSE_SA-15_08.NASL", "PFSENSE_SA-15_11.NASL", "PFSENSE_SA-16_02.NASL", "PFSENSE_SA-16_04.NASL", "PHP_5_4_38.NASL", "PHP_5_5_22.NASL", "PHP_5_6_6.NASL", "PIVOTAL_WEBSERVER_5_4_1.NASL", "PUPPET_ENTERPRISE_330.NASL", "PUPPET_ENTERPRISE_380.NASL", "PUPPET_ENTERPRISE_ACTIVEMQ_PSQL_SSL.NASL", "REDHAT-RHSA-2014-0624.NASL", "REDHAT-RHSA-2014-0625.NASL", "REDHAT-RHSA-2014-0626.NASL", "REDHAT-RHSA-2014-0627.NASL", "REDHAT-RHSA-2014-0628.NASL", "REDHAT-RHSA-2014-0629.NASL", "REDHAT-RHSA-2014-0679.NASL", "REDHAT-RHSA-2014-0680.NASL", "REDHAT-RHSA-2014-1436.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1653.NASL", "REDHAT-RHSA-2014-1692.NASL", "REDHAT-RHSA-2014-1876.NASL", "REDHAT-RHSA-2014-1877.NASL", "REDHAT-RHSA-2014-1880.NASL", "REDHAT-RHSA-2014-1881.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2014-1948.NASL", "REDHAT-RHSA-2015-0066.NASL", "REDHAT-RHSA-2015-0067.NASL", "REDHAT-RHSA-2015-0068.NASL", "REDHAT-RHSA-2015-0069.NASL", "REDHAT-RHSA-2015-0079.NASL", "REDHAT-RHSA-2015-0080.NASL", "REDHAT-RHSA-2015-0085.NASL", "REDHAT-RHSA-2015-0086.NASL", "REDHAT-RHSA-2015-0090.NASL", "REDHAT-RHSA-2015-0092.NASL", "REDHAT-RHSA-2015-0099.NASL", "REDHAT-RHSA-2015-0101.NASL", "REDHAT-RHSA-2015-0126.NASL", "REDHAT-RHSA-2015-0264.NASL", "REDHAT-RHSA-2015-0698.NASL", "REDHAT-RHSA-2015-0800.NASL", "REDHAT-RHSA-2015-1006.NASL", "REDHAT-RHSA-2015-1007.NASL", "REDHAT-RHSA-2015-1020.NASL", "REDHAT-RHSA-2015-1021.NASL", "REDHAT-RHSA-2015-1072.NASL", "REDHAT-RHSA-2015-1091.NASL", "REDHAT-RHSA-2015-1115.NASL", "REDHAT-RHSA-2015-1185.NASL", "REDHAT-RHSA-2015-1197.NASL", "REDHAT-RHSA-2015-1228.NASL", "REDHAT-RHSA-2015-1229.NASL", "REDHAT-RHSA-2015-1230.NASL", "REDHAT-RHSA-2015-1241.NASL", "REDHAT-RHSA-2015-1242.NASL", "REDHAT-RHSA-2015-1243.NASL", "REDHAT-RHSA-2015-1485.NASL", "REDHAT-RHSA-2015-1486.NASL", "REDHAT-RHSA-2015-1488.NASL", "REDHAT-RHSA-2015-1526.NASL", "REDHAT-RHSA-2015-1544.NASL", "REDHAT-RHSA-2015-1545.NASL", "REDHAT-RHSA-2015-1546.NASL", "REDHAT-RHSA-2015-1604.NASL", "REDHAT-RHSA-2015-1664.NASL", "REDHAT-RHSA-2015-1667.NASL", "REDHAT-RHSA-2015-1668.NASL", "REDHAT-RHSA-2015-1930.NASL", "REDHAT-RHSA-2015-1980.NASL", "REDHAT-RHSA-2015-1981.NASL", "REDHAT-RHSA-2015-2068.NASL", "REDHAT-RHSA-2015-2088.NASL", "REDHAT-RHSA-2015-2500.NASL", "REDHAT-RHSA-2015-2520.NASL", "REDHAT-RHSA-2015-2521.NASL", "REDHAT-RHSA-2015-2522.NASL", "REDHAT-RHSA-2015-2535.NASL", "REDHAT-RHSA-2015-2536.NASL", "REDHAT-RHSA-2015-2538.NASL", "REDHAT-RHSA-2015-2539.NASL", "REDHAT-RHSA-2015-2540.NASL", "REDHAT-RHSA-2015-2542.NASL", "REDHAT-RHSA-2015-2552.NASL", "REDHAT-RHSA-2015-2616.NASL", "REDHAT-RHSA-2015-2617.NASL", "REDHAT-RHSA-2015-2636.NASL", "REDHAT-RHSA-2015-2645.NASL", "REDHAT-RHSA-2015-2659.NASL", "REDHAT-RHSA-2015-2660.NASL", "REDHAT-RHSA-2015-2671.NASL", "REDHAT-RHSA-2016-0004.NASL", "REDHAT-RHSA-2016-0007.NASL", "REDHAT-RHSA-2016-0008.NASL", "REDHAT-RHSA-2016-0012.NASL", "REDHAT-RHSA-2016-0024.NASL", "REDHAT-RHSA-2016-0046.NASL", "REDHAT-RHSA-2016-0049.NASL", "REDHAT-RHSA-2016-0050.NASL", "REDHAT-RHSA-2016-0053.NASL", "REDHAT-RHSA-2016-0054.NASL", "REDHAT-RHSA-2016-0055.NASL", "REDHAT-RHSA-2016-0056.NASL", "REDHAT-RHSA-2016-0061.NASL", "REDHAT-RHSA-2016-0063.NASL", "REDHAT-RHSA-2016-0098.NASL", "REDHAT-RHSA-2016-0099.NASL", "REDHAT-RHSA-2016-0100.NASL", "REDHAT-RHSA-2016-0101.NASL", "REDHAT-RHSA-2016-0103.NASL", "REDHAT-RHSA-2016-0301.NASL", "REDHAT-RHSA-2016-0302.NASL", "REDHAT-RHSA-2016-0303.NASL", "REDHAT-RHSA-2016-0304.NASL", "REDHAT-RHSA-2016-0305.NASL", "REDHAT-RHSA-2016-0372.NASL", "REDHAT-RHSA-2016-0379.NASL", "REDHAT-RHSA-2016-0466.NASL", "REDHAT-RHSA-2016-0534.NASL", "REDHAT-RHSA-2016-0591.NASL", "REDHAT-RHSA-2016-0684.NASL", "REDHAT-RHSA-2016-0685.NASL", "REDHAT-RHSA-2016-0722.NASL", "REDHAT-RHSA-2016-0996.NASL", "REDHAT-RHSA-2016-1137.NASL", "REDHAT-RHSA-2016-1138.NASL", "REDHAT-RHSA-2016-1139.NASL", "REDHAT-RHSA-2016-1140.NASL", "REDHAT-RHSA-2016-1141.NASL", "REDHAT-RHSA-2016-1430.NASL", "REDHAT-RHSA-2016-1458.NASL", "REDHAT-RHSA-2016-1475.NASL", "REDHAT-RHSA-2016-1476.NASL", "REDHAT-RHSA-2016-1477.NASL", "REDHAT-RHSA-2016-1504.NASL", "REDHAT-RHSA-2016-1552.NASL", "REDHAT-RHSA-2016-1573.NASL", "REDHAT-RHSA-2016-1587.NASL", "REDHAT-RHSA-2016-1588.NASL", "REDHAT-RHSA-2016-1589.NASL", "REDHAT-RHSA-2016-1602.NASL", "REDHAT-RHSA-2016-1648.NASL", "REDHAT-RHSA-2016-1649.NASL", "REDHAT-RHSA-2016-1773.NASL", "REDHAT-RHSA-2016-1776.NASL", "REDHAT-RHSA-2016-2054.NASL", "REDHAT-RHSA-2016-2055.NASL", "REDHAT-RHSA-2016-2073.NASL", "REDHAT-RHSA-2016-2583.NASL", "REDHAT-RHSA-2017-0193.NASL", "REDHAT-RHSA-2017-0194.NASL", "REDHAT-RHSA-2017-1216.NASL", "REDHAT-RHSA-2017-2486.NASL", "REDHAT-RHSA-2018-2568.NASL", "REDHAT-RHSA-2018-2575.NASL", "REDHAT-RHSA-2018-2713.NASL", "SCREENOS_JSA10733.NASL", "SCREENOS_JSA10759.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_APACHE_2_4_16.NASL", "SECURITYCENTER_OPENSSL_1_0_1P.NASL", "SECURITYCENTER_OPENSSL_1_0_1Q.NASL", "SECURITYCENTER_OPENSSL_1_0_2K.NASL", "SLACKWARE_SSA_2014-156-03.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SLACKWARE_SSA_2015-009-01.NASL", "SLACKWARE_SSA_2015-028-01.NASL", "SLACKWARE_SSA_2015-162-01.NASL", "SLACKWARE_SSA_2015-190-01.NASL", "SLACKWARE_SSA_2015-198-01.NASL", "SLACKWARE_SSA_2015-302-01.NASL", "SLACKWARE_SSA_2015-302-03.NASL", "SLACKWARE_SSA_2015-310-02.NASL", "SLACKWARE_SSA_2015-349-01.NASL", "SLACKWARE_SSA_2015-349-04.NASL", "SLACKWARE_SSA_2016-034-03.NASL", "SLACKWARE_SSA_2016-054-04.NASL", "SLACKWARE_SSA_2016-062-02.NASL", "SLACKWARE_SSA_2016-120-01.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "SL_20140605_OPENSSL097A_AND_OPENSSL098E_ON_SL5_X.NASL", "SL_20140605_OPENSSL_ON_SL5_X.NASL", "SL_20140605_OPENSSL_ON_SL6_X.NASL", "SL_20141014_X11_CLIENT_LIBRARIES_ON_SL6_X.NASL", "SL_20141016_OPENSSL_ON_SL5_X.NASL", "SL_20141016_OPENSSL_ON_SL6_X.NASL", "SL_20141202_NSS__NSS_UTIL__AND_NSS_SOFTOKN_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20150121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20150121_OPENSSL_ON_SL6_X.NASL", "SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20150127_GLIBC_ON_SL5_X.NASL", "SL_20150127_GLIBC_ON_SL6_X.NASL", "SL_20150413_OPENSSL_ON_SL5_X.NASL", "SL_20150604_OPENSSL_ON_SL6_X.NASL", "SL_20150615_OPENSSL_ON_SL6_X.NASL", "SL_20150625_NSS_ON_SL6_X.NASL", "SL_20150630_OPENSSL_ON_SL5_X.NASL", "SL_20150715_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150715_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20150715_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20150730_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20150824_HTTPD_ON_SL6_X.NASL", "SL_20150824_HTTPD_ON_SL7_X.NASL", "SL_20150824_NSS_ON_SL5_X.NASL", "SL_20151026_NTP_ON_SL6_X.NASL", "SL_20151104_NSS_AND_NSPR_ON_SL5_X.NASL", "SL_20151104_NSS__NSS_UTIL__AND_NSPR_ON_SL6_X.NASL", "SL_20151119_OPENSSH_ON_SL7_X.NASL", "SL_20151130_APACHE_COMMONS_COLLECTIONS_ON_SL7_X.NASL", "SL_20151130_JAKARTA_COMMONS_COLLECTIONS_ON_SL6_X.NASL", "SL_20151208_KERNEL_ON_SL7_X.NASL", "SL_20151214_OPENSSL_ON_SL5_X.NASL", "SL_20151214_OPENSSL_ON_SL6_X.NASL", "SL_20151215_KERNEL_ON_SL6_X.NASL", "SL_20151221_JAKARTA_COMMONS_COLLECTIONS_ON_SL5_X.NASL", "SL_20160107_GNUTLS_ON_SL6_X.NASL", "SL_20160107_NSS_ON_SL6_X.NASL", "SL_20160107_OPENSSL_ON_SL6_X.NASL", "SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20160125_NTP_ON_SL6_X.NASL", "SL_20160301_OPENSSL_ON_SL5_X.NASL", "SL_20160301_OPENSSL_ON_SL6_X.NASL", "SL_20160309_OPENSSL098E_ON_SL6_X.NASL", "SL_20160321_OPENSSH_ON_SL6_X.NASL", "SL_20160405_NSS__NSS_UTIL__AND_NSPR_ON_SL6_X.NASL", "SL_20160425_NSS_AND_NSPR_ON_SL5_X.NASL", "SL_20160425_NSS__NSPR__NSS_SOFTOKN__AND_NSS_UTIL_ON_SL7_X.NASL", "SL_20160509_OPENSSL_ON_SL7_X.NASL", "SL_20160510_OPENSSL_ON_SL6_X.NASL", "SL_20160531_NTP_ON_SL6_X.NASL", "SL_20160531_OPENSSL_ON_SL5_X.NASL", "SL_20160531_SQUID34_ON_SL6_X.NASL", "SL_20160531_SQUID_ON_SL6_X.NASL", "SL_20160531_SQUID_ON_SL7_X.NASL", "SL_20160720_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160727_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20160804_SQUID_ON_SL6_X.NASL", "SL_20160811_MARIADB_ON_SL7_X.NASL", "SL_20160826_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20161103_NTP_ON_SL7_X.NASL", "SMB_KB3009008.NASL", "SMB_KB3062760.NASL", "SMB_KB3108638.NASL", "SMB_NT_MS16-108.NASL", "SOLARIS10_142824-24.NASL", "SOLARIS10_148071.NASL", "SOLARIS10_150383.NASL", "SOLARIS10_150400-38.NASL", "SOLARIS10_X86_148072.NASL", "SOLARIS10_X86_150401-38.NASL", "SOLARIS11_BASH_20141107.NASL", "SOLARIS11_OPENSSL_20141014.NASL", "SOLARIS11_OPENSSL_20141104.NASL", "SOLARIS11_WANBOOT_20141014.NASL", "SOLARIS11_XORG_20130924.NASL", "SOLARIS_JUL2016_SRU11_2_14_5_0.NASL", "SOLARIS_JUL2016_SRU11_3_10_5_0.NASL", "SOLARIS_JUL2016_SRU11_3_8_7_0.NASL", "SOLARIS_JUL2016_SRU11_3_9_4_0.NASL", "SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASL", "SOLARWINDS_SRM_PROFILER_6_2_3.NASL", "SPLUNK_5011.NASL", "SPLUNK_605.NASL", "SPLUNK_607.NASL", "SPLUNK_618.NASL", "SPLUNK_622.NASL", "SPLUNK_625.NASL", "SPLUNK_6334.NASL", "SPLUNK_642.NASL", "SQUID_4_0_9_CACHEMGR_CGI.NASL", "SQUID_4_0_9_ESI_CC.NASL", "SSH_LOGJAM.NASL", "SSL_DH_EXPORT_SUPPORTED_CIPHERS.NASL", "SSL_DROWN.NASL", "SSL_LOGJAM.NASL", "SSL_POODLE.NASL", "SSL_RC4_SUPPORTED_CIPHERS.NASL", "SSL_RSA_EXPORT_SUPPORTED_CIPHERS.NASL", "STRUTS_2_3_28_1_RCE.NASL", "STRUTS_2_3_28_1_WIN_LOCAL.NASL", "STUNNEL_5_02.NASL", "STUNNEL_5_06.NASL", "SUN_JAVA_WEB_SERVER_7_0_23.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_11_BASH-120713.NASL", "SUSE_11_COMPAT-OPENSSL097G-141202.NASL", "SUSE_11_COMPAT-OPENSSL097G-150122.NASL", "SUSE_11_EVOLUTION-DATA-SERVER-141114.NASL", "SUSE_11_GLIBC-150122.NASL", "SUSE_11_JAVA-1_6_0-IBM-141119.NASL", "SUSE_11_JAVA-1_7_0-IBM-141121.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-150206.NASL", "SUSE_11_LIBMYSQL55CLIENT18-150302.NASL", "SUSE_11_LIBOPENSSL-DEVEL-140604.NASL", "SUSE_11_LIBOPENSSL-DEVEL-141024.NASL", "SUSE_11_LIBOPENSSL-DEVEL-150112.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_11_SUSEREGISTER-141121.NASL", "SUSE_11_XORG-X11-LIBXCB-130524.NASL", "SUSE_BASH-8217.NASL", "SUSE_GLIBC-9035.NASL", "SUSE_SU-2014-1387-1.NASL", "SUSE_SU-2014-1512-1.NASL", "SUSE_SU-2014-1524-1.NASL", "SUSE_SU-2014-1541-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2015-0743-1.NASL", "SUSE_SU-2015-0946-1.NASL", "SUSE_SU-2015-0974-1.NASL", "SUSE_SU-2015-1073-1.NASL", "SUSE_SU-2015-1085-1.NASL", "SUSE_SU-2015-1086-1.NASL", "SUSE_SU-2015-1086-2.NASL", "SUSE_SU-2015-1086-3.NASL", "SUSE_SU-2015-1086-4.NASL", "SUSE_SU-2015-1138-1.NASL", "SUSE_SU-2015-1143-1.NASL", "SUSE_SU-2015-1150-1.NASL", "SUSE_SU-2015-1161-1.NASL", "SUSE_SU-2015-1177-1.NASL", "SUSE_SU-2015-1177-2.NASL", "SUSE_SU-2015-1181-2.NASL", "SUSE_SU-2015-1182-2.NASL", "SUSE_SU-2015-1183-2.NASL", "SUSE_SU-2015-1184-1.NASL", "SUSE_SU-2015-1184-2.NASL", "SUSE_SU-2015-1268-2.NASL", "SUSE_SU-2015-1269-1.NASL", "SUSE_SU-2015-1319-1.NASL", "SUSE_SU-2015-1320-1.NASL", "SUSE_SU-2015-1329-1.NASL", "SUSE_SU-2015-1331-1.NASL", "SUSE_SU-2015-1345-1.NASL", "SUSE_SU-2015-1375-1.NASL", "SUSE_SU-2015-1449-1.NASL", "SUSE_SU-2015-1482-1.NASL", "SUSE_SU-2015-1509-1.NASL", "SUSE_SU-2015-1526-1.NASL", "SUSE_SU-2015-1544-1.NASL", "SUSE_SU-2015-1547-1.NASL", "SUSE_SU-2015-1547-2.NASL", "SUSE_SU-2015-1581-1.NASL", "SUSE_SU-2015-1695-1.NASL", "SUSE_SU-2015-1840-1.NASL", "SUSE_SU-2015-1851-1.NASL", "SUSE_SU-2015-1885-2.NASL", "SUSE_SU-2015-1926-1.NASL", "SUSE_SU-2015-1978-1.NASL", "SUSE_SU-2015-1981-1.NASL", "SUSE_SU-2015-2058-1.NASL", "SUSE_SU-2015-2081-1.NASL", "SUSE_SU-2015-2108-1.NASL", "SUSE_SU-2015-2166-1.NASL", "SUSE_SU-2015-2168-1.NASL", "SUSE_SU-2015-2168-2.NASL", "SUSE_SU-2015-2182-1.NASL", "SUSE_SU-2015-2192-1.NASL", "SUSE_SU-2015-2194-1.NASL", "SUSE_SU-2015-2216-1.NASL", "SUSE_SU-2015-2230-1.NASL", "SUSE_SU-2015-2237-1.NASL", "SUSE_SU-2015-2251-1.NASL", "SUSE_SU-2015-2275-1.NASL", "SUSE_SU-2015-2303-1.NASL", "SUSE_SU-2015-2306-1.NASL", "SUSE_SU-2015-2324-1.NASL", "SUSE_SU-2015-2326-1.NASL", "SUSE_SU-2015-2328-1.NASL", "SUSE_SU-2015-2338-1.NASL", "SUSE_SU-2015-2339-1.NASL", "SUSE_SU-2015-2342-1.NASL", "SUSE_SU-2016-0113-1.NASL", "SUSE_SU-2016-0149-1.NASL", "SUSE_SU-2016-0189-1.NASL", "SUSE_SU-2016-0224-1.NASL", "SUSE_SU-2016-0256-1.NASL", "SUSE_SU-2016-0265-1.NASL", "SUSE_SU-2016-0269-1.NASL", "SUSE_SU-2016-0334-1.NASL", "SUSE_SU-2016-0338-1.NASL", "SUSE_SU-2016-0390-1.NASL", "SUSE_SU-2016-0428-1.NASL", "SUSE_SU-2016-0431-1.NASL", "SUSE_SU-2016-0433-1.NASL", "SUSE_SU-2016-0584-1.NASL", "SUSE_SU-2016-0617-1.NASL", "SUSE_SU-2016-0620-1.NASL", "SUSE_SU-2016-0624-1.NASL", "SUSE_SU-2016-0631-1.NASL", "SUSE_SU-2016-0636-1.NASL", "SUSE_SU-2016-0641-1.NASL", "SUSE_SU-2016-0658-1.NASL", "SUSE_SU-2016-0678-1.NASL", "SUSE_SU-2016-0727-1.NASL", "SUSE_SU-2016-0770-1.NASL", "SUSE_SU-2016-0776-1.NASL", "SUSE_SU-2016-0777-1.NASL", "SUSE_SU-2016-0820-1.NASL", "SUSE_SU-2016-0909-1.NASL", "SUSE_SU-2016-1175-1.NASL", "SUSE_SU-2016-1177-1.NASL", "SUSE_SU-2016-1228-1.NASL", "SUSE_SU-2016-1233-1.NASL", "SUSE_SU-2016-1247-1.NASL", "SUSE_SU-2016-1267-1.NASL", "SUSE_SU-2016-1278-1.NASL", "SUSE_SU-2016-1290-1.NASL", "SUSE_SU-2016-1291-1.NASL", "SUSE_SU-2016-1311-1.NASL", "SUSE_SU-2016-1360-1.NASL", "SUSE_SU-2016-1457-1.NASL", "SUSE_SU-2016-1568-1.NASL", "SUSE_SU-2016-1618-1.NASL", "SUSE_SU-2016-1912-1.NASL", "SUSE_SU-2016-1996-1.NASL", "SUSE_SU-2016-1997-1.NASL", "SUSE_SU-2016-2008-1.NASL", "SUSE_SU-2016-2012-1.NASL", "SUSE_SU-2016-2074-1.NASL", "SUSE_SU-2016-2089-1.NASL", "SUSE_SU-2016-2147-1.NASL", "SUSE_SU-2016-2209-1.NASL", "SUSE_SU-2016-2210-1.NASL", "SUSE_SU-2016-2218-1.NASL", "SUSE_SU-2016-2248-1.NASL", "SUSE_SU-2016-2261-1.NASL", "SUSE_SU-2016-2285-1.NASL", "SUSE_SU-2016-2286-1.NASL", "SUSE_SU-2016-2328-1.NASL", "SUSE_SU-2016-2329-1.NASL", "SUSE_SU-2016-2343-1.NASL", "SUSE_SU-2016-2347-1.NASL", "SUSE_SU-2016-2348-1.NASL", "SUSE_SU-2016-2385-1.NASL", "SUSE_SU-2016-2396-1.NASL", "SUSE_SU-2016-2408-1.NASL", "SUSE_SU-2016-2430-1.NASL", "SUSE_SU-2016-2726-1.NASL", "SUSE_SU-2017-0461-1.NASL", "SUSE_SU-2017-0585-1.NASL", "SUSE_SU-2017-0605-1.NASL", "SUSE_SU-2017-3343-1.NASL", "SUSE_SU-2018-0112-1.NASL", "SUSE_SU-2018-1768-1.NASL", "SUSE_SU-2018-2839-1.NASL", "SUSE_SU-2018-2839-2.NASL", "SUSE_SU-2018-3082-1.NASL", "TENABLE_OT_SIEMENS_CVE-2014-0224.NASL", "TOMCAT_6_0_43.NASL", "TOMCAT_6_0_44.NASL", "TOMCAT_7_0_55.NASL", "TOMCAT_7_0_57.NASL", "TOMCAT_7_0_60.NASL", "TOMCAT_8_0_11.NASL", "TOMCAT_8_0_15.NASL", "TOMCAT_8_0_21.NASL", "UBUNTU_USN-1855-1.NASL", "UBUNTU_USN-2031-1.NASL", "UBUNTU_USN-2032-1.NASL", "UBUNTU_USN-2232-1.NASL", "UBUNTU_USN-2232-2.NASL", "UBUNTU_USN-2232-3.NASL", "UBUNTU_USN-2232-4.NASL", "UBUNTU_USN-2459-1.NASL", "UBUNTU_USN-2485-1.NASL", "UBUNTU_USN-2486-1.NASL", "UBUNTU_USN-2487-1.NASL", "UBUNTU_USN-2523-1.NASL", "UBUNTU_USN-2639-1.NASL", "UBUNTU_USN-2656-1.NASL", "UBUNTU_USN-2656-2.NASL", "UBUNTU_USN-2672-1.NASL", "UBUNTU_USN-2673-1.NASL", "UBUNTU_USN-2686-1.NASL", "UBUNTU_USN-2696-1.NASL", "UBUNTU_USN-2706-1.NASL", "UBUNTU_USN-2710-1.NASL", "UBUNTU_USN-2710-2.NASL", "UBUNTU_USN-2783-1.NASL", "UBUNTU_USN-2785-1.NASL", "UBUNTU_USN-2790-1.NASL", "UBUNTU_USN-2791-1.NASL", "UBUNTU_USN-2819-1.NASL", "UBUNTU_USN-2830-1.NASL", "UBUNTU_USN-2840-1.NASL", "UBUNTU_USN-2841-1.NASL", "UBUNTU_USN-2841-2.NASL", "UBUNTU_USN-2842-1.NASL", "UBUNTU_USN-2842-2.NASL", "UBUNTU_USN-2843-1.NASL", "UBUNTU_USN-2843-2.NASL", "UBUNTU_USN-2844-1.NASL", "UBUNTU_USN-2863-1.NASL", "UBUNTU_USN-2864-1.NASL", "UBUNTU_USN-2865-1.NASL", "UBUNTU_USN-2866-1.NASL", "UBUNTU_USN-2880-1.NASL", "UBUNTU_USN-2880-2.NASL", "UBUNTU_USN-2883-1.NASL", "UBUNTU_USN-2884-1.NASL", "UBUNTU_USN-2903-1.NASL", "UBUNTU_USN-2903-2.NASL", "UBUNTU_USN-2904-1.NASL", "UBUNTU_USN-2914-1.NASL", "UBUNTU_USN-2959-1.NASL", "UBUNTU_USN-2973-1.NASL", "UBUNTU_USN-2995-1.NASL", "UBUNTU_USN-3040-1.NASL", "UBUNTU_USN-3043-1.NASL", "UBUNTU_USN-3062-1.NASL", "UBUNTU_USN-3077-1.NASL", "UBUNTU_USN-3096-1.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-LINUX.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-VAPP.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-WIN.NASL", "VIRTUALBOX_5_0_10.NASL", "VIRTUALBOX_5_0_18.NASL", "VIRTUALBOX_5_0_22.NASL", "VIRTUALBOX_5_0_26.NASL", "VMWARE_ESXI_5_0_BUILD_1918656_REMOTE.NASL", "VMWARE_ESXI_5_1_BUILD_1900470_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_2352327_REMOTE.NASL", "VMWARE_HORIZON_VIEW_CLIENT_VMSA_2014_0006.NASL", "VMWARE_HORIZON_VIEW_VMSA-2014-0006.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_OVFTOOL_VMSA_2014-0006.NASL", "VMWARE_PLAYER_LINUX_6_0_3.NASL", "VMWARE_PLAYER_MULTIPLE_VMSA_2014-0006.NASL", "VMWARE_VCENTER_CHARGEBACK_MANAGER_2601.NASL", "VMWARE_VCENTER_CHARGEBACK_MANAGER_VMSA_2015_0003.NASL", "VMWARE_VCENTER_CONVERTER_2014-0006.NASL", "VMWARE_VCENTER_OPERATIONS_MANAGER_VMSA_2014-0006.NASL", "VMWARE_VCENTER_SERVER_APPLIANCE_2014-0006.NASL", "VMWARE_VCENTER_SUPPORT_ASSISTANT_2014-0006.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0006.NASL", "VMWARE_VCENTER_VMSA-2014-0006.NASL", "VMWARE_VCENTER_VMSA-2015-0001.NASL", "VMWARE_VCENTER_VMSA-2015-0003.NASL", "VMWARE_VMSA-2014-0006.NASL", "VMWARE_VMSA-2014-0006_REMOTE.NASL", "VMWARE_VMSA-2015-0001.NASL", "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0006.NASL", "VMWARE_WORKSPACE_PORTAL_VMSA2015-0003.NASL", "VMWARE_WORKSTATION_LINUX_10_0_3.NASL", "VMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0006.NASL", "VSPHERE_CLIENT_VMSA_2014-0006.NASL", "WEBLOGIC_2016_3510.NASL", "WEBSPHERE_527817.NASL", "WEBSPHERE_711865.NASL", "WEBSPHERE_7_0_0_37.NASL", "WEBSPHERE_8_0_0_10.NASL", "WEBSPHERE_8_5_5_4.NASL", "WEBSPHERE_8_5_5_6.NASL", "WEBSPHERE_8_5_5_7.NASL", "WEB_APPLICATION_SCANNING_98829", "WEB_APPLICATION_SCANNING_98908", "WINSCP_5_5_4.NASL", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15AJ.NASL", "XEROX_XRX15AM.NASL", "XEROX_XRX15AO_COLORQUBE.NASL", "XEROX_XRX15AP.NASL", "XEROX_XRX15AV.NASL", "XEROX_XRX15R.NASL"]}, {"type": "nmap", "idList": ["NMAP:ORACLE-BRUTE-STEALTH.NSE", "NMAP:SSL-CCS-INJECTION.NSE", "NMAP:SSL-DH-PARAMS.NSE", "NMAP:SSL-POODLE.NSE", "NMAP:SSLV2-DROWN.NSE"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-0224", "OPENSSL:CVE-2014-3569", "OPENSSL:CVE-2014-3570", "OPENSSL:CVE-2014-3571", "OPENSSL:CVE-2014-3572", "OPENSSL:CVE-2014-8275", "OPENSSL:CVE-2015-0204", "OPENSSL:CVE-2015-0205", "OPENSSL:CVE-2015-0206", "OPENSSL:CVE-2015-1788", "OPENSSL:CVE-2015-1789", "OPENSSL:CVE-2015-1790", "OPENSSL:CVE-2015-1791", "OPENSSL:CVE-2015-1792", "OPENSSL:CVE-2015-1793", "OPENSSL:CVE-2015-3193", "OPENSSL:CVE-2015-3194", "OPENSSL:CVE-2015-3195", "OPENSSL:CVE-2015-3197", "OPENSSL:CVE-2016-0701", "OPENSSL:CVE-2016-0702", "OPENSSL:CVE-2016-0705", "OPENSSL:CVE-2016-0797", "OPENSSL:CVE-2016-0798", "OPENSSL:CVE-2016-0799", "OPENSSL:CVE-2016-0800", "OPENSSL:CVE-2016-2105", "OPENSSL:CVE-2016-2106", "OPENSSL:CVE-2016-2107", "OPENSSL:CVE-2016-2108", "OPENSSL:CVE-2016-2109", "OPENSSL:CVE-2016-2176", "OPENSSL:CVE-2017-3732", "OPENSSL:CVE-2017-3738", "OPENSSL:CVE-2021-4160"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310103440", "OPENVAS:1361412562310105042", "OPENVAS:1361412562310105043", "OPENVAS:1361412562310105044", "OPENVAS:1361412562310105045", "OPENVAS:1361412562310105056", "OPENVAS:1361412562310105057", "OPENVAS:1361412562310105129", "OPENVAS:1361412562310105130", "OPENVAS:1361412562310105158", "OPENVAS:1361412562310105188", "OPENVAS:1361412562310105190", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310105192", "OPENVAS:1361412562310105202", "OPENVAS:1361412562310105203", "OPENVAS:1361412562310105209", "OPENVAS:1361412562310105264", "OPENVAS:1361412562310105308", "OPENVAS:1361412562310105321", "OPENVAS:1361412562310105363", "OPENVAS:1361412562310105364", "OPENVAS:1361412562310105365", "OPENVAS:1361412562310105368", "OPENVAS:1361412562310105369", "OPENVAS:1361412562310105413", "OPENVAS:1361412562310105465", "OPENVAS:1361412562310105517", "OPENVAS:1361412562310105528", "OPENVAS:1361412562310105549", "OPENVAS:1361412562310105567", "OPENVAS:1361412562310105605", "OPENVAS:1361412562310105608", "OPENVAS:1361412562310105666", "OPENVAS:1361412562310105668", "OPENVAS:1361412562310105678", "OPENVAS:1361412562310105679", "OPENVAS:1361412562310105682", "OPENVAS:1361412562310105691", "OPENVAS:1361412562310105692", "OPENVAS:1361412562310105726", "OPENVAS:1361412562310105732", "OPENVAS:1361412562310105798", "OPENVAS:1361412562310105828", "OPENVAS:1361412562310105946", "OPENVAS:1361412562310105950", "OPENVAS:1361412562310106046", "OPENVAS:1361412562310106048", "OPENVAS:1361412562310106049", "OPENVAS:1361412562310106262", "OPENVAS:1361412562310106267", "OPENVAS:1361412562310106284", "OPENVAS:1361412562310106285", "OPENVAS:1361412562310106286", "OPENVAS:1361412562310106353", "OPENVAS:1361412562310106354", "OPENVAS:1361412562310106355", "OPENVAS:1361412562310106390", "OPENVAS:1361412562310106412", "OPENVAS:1361412562310106426", "OPENVAS:1361412562310106428", "OPENVAS:1361412562310106510", "OPENVAS:1361412562310106609", "OPENVAS:1361412562310106619", "OPENVAS:1361412562310106754", "OPENVAS:1361412562310107007", "OPENVAS:1361412562310107141", "OPENVAS:1361412562310108384", "OPENVAS:1361412562310108386", "OPENVAS:1361412562310108387", "OPENVAS:1361412562310108393", "OPENVAS:1361412562310111012", "OPENVAS:1361412562310120017", "OPENVAS:1361412562310120033", "OPENVAS:1361412562310120034", "OPENVAS:1361412562310120041", "OPENVAS:1361412562310120044", "OPENVAS:1361412562310120063", "OPENVAS:1361412562310120110", "OPENVAS:1361412562310120113", "OPENVAS:1361412562310120167", "OPENVAS:1361412562310120170", "OPENVAS:1361412562310120188", "OPENVAS:1361412562310120189", "OPENVAS:1361412562310120286", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120288", "OPENVAS:1361412562310120289", "OPENVAS:1361412562310120310", "OPENVAS:1361412562310120311", "OPENVAS:1361412562310120324", "OPENVAS:1361412562310120456", "OPENVAS:1361412562310120468", "OPENVAS:1361412562310120494", "OPENVAS:1361412562310120507", "OPENVAS:1361412562310120597", "OPENVAS:1361412562310120598", "OPENVAS:1361412562310120604", "OPENVAS:1361412562310120608", "OPENVAS:1361412562310120615", "OPENVAS:1361412562310120633", "OPENVAS:1361412562310120635", "OPENVAS:1361412562310120637", "OPENVAS:1361412562310120639", "OPENVAS:1361412562310120641", "OPENVAS:1361412562310120651", "OPENVAS:1361412562310120672", "OPENVAS:1361412562310120684", "OPENVAS:1361412562310120690", "OPENVAS:1361412562310120691", "OPENVAS:1361412562310120697", "OPENVAS:1361412562310120702", "OPENVAS:1361412562310120712", "OPENVAS:1361412562310120716", "OPENVAS:1361412562310120718", "OPENVAS:1361412562310120724", "OPENVAS:1361412562310120726", "OPENVAS:1361412562310120727", "OPENVAS:1361412562310120737", "OPENVAS:1361412562310121182", "OPENVAS:1361412562310121222", "OPENVAS:1361412562310121244", "OPENVAS:1361412562310121285", "OPENVAS:1361412562310121358", "OPENVAS:1361412562310121365", "OPENVAS:1361412562310121368", "OPENVAS:1361412562310121379", "OPENVAS:1361412562310121395", "OPENVAS:1361412562310121396", "OPENVAS:1361412562310121408", "OPENVAS:1361412562310121426", "OPENVAS:1361412562310121432", "OPENVAS:1361412562310121439", "OPENVAS:1361412562310121453", "OPENVAS:1361412562310121457", "OPENVAS:1361412562310122721", "OPENVAS:1361412562310122725", "OPENVAS:1361412562310122727", "OPENVAS:1361412562310122744", "OPENVAS:1361412562310122791", "OPENVAS:1361412562310122792", "OPENVAS:1361412562310122797", "OPENVAS:1361412562310122801", "OPENVAS:1361412562310122803", "OPENVAS:1361412562310122804", "OPENVAS:1361412562310122806", "OPENVAS:1361412562310122815", "OPENVAS:1361412562310122816", "OPENVAS:1361412562310122819", "OPENVAS:1361412562310122821", "OPENVAS:1361412562310122822", "OPENVAS:1361412562310122850", "OPENVAS:1361412562310122853", "OPENVAS:1361412562310122856", "OPENVAS:1361412562310122857", "OPENVAS:1361412562310122859", "OPENVAS:1361412562310122866", "OPENVAS:1361412562310122888", "OPENVAS:1361412562310122889", "OPENVAS:1361412562310122890", "OPENVAS:1361412562310122898", "OPENVAS:1361412562310122919", "OPENVAS:1361412562310122921", "OPENVAS:1361412562310122924", "OPENVAS:1361412562310122932", "OPENVAS:1361412562310122933", "OPENVAS:1361412562310123021", "OPENVAS:1361412562310123022", "OPENVAS:1361412562310123023", "OPENVAS:1361412562310123044", "OPENVAS:1361412562310123077", "OPENVAS:1361412562310123080", "OPENVAS:1361412562310123081", "OPENVAS:1361412562310123086", "OPENVAS:1361412562310123090", "OPENVAS:1361412562310123099", "OPENVAS:1361412562310123107", "OPENVAS:1361412562310123135", "OPENVAS:1361412562310123178", "OPENVAS:1361412562310123196", "OPENVAS:1361412562310123197", "OPENVAS:1361412562310123198", "OPENVAS:1361412562310123200", "OPENVAS:1361412562310123201", "OPENVAS:1361412562310123202", "OPENVAS:1361412562310123203", "OPENVAS:1361412562310123278", "OPENVAS:1361412562310123365", "OPENVAS:1361412562310123368", "OPENVAS:1361412562310123401", "OPENVAS:1361412562310123402", "OPENVAS:1361412562310123403", "OPENVAS:1361412562310130082", "OPENVAS:1361412562310130083", "OPENVAS:1361412562310130097", "OPENVAS:1361412562310130098", "OPENVAS:1361412562310130104", "OPENVAS:1361412562310130109", "OPENVAS:1361412562310130114", "OPENVAS:1361412562310130117", "OPENVAS:1361412562310131100", "OPENVAS:1361412562310131115", "OPENVAS:1361412562310131137", "OPENVAS:1361412562310131144", "OPENVAS:1361412562310131174", "OPENVAS:1361412562310131177", "OPENVAS:1361412562310131203", "OPENVAS:1361412562310131212", "OPENVAS:1361412562310131222", "OPENVAS:1361412562310131244", "OPENVAS:1361412562310131256", "OPENVAS:1361412562310131285", "OPENVAS:1361412562310131301", "OPENVAS:1361412562310140017", "OPENVAS:1361412562310140019", "OPENVAS:1361412562310140020", "OPENVAS:1361412562310140116", "OPENVAS:1361412562310140127", "OPENVAS:1361412562310141826", "OPENVAS:1361412562310702950", "OPENVAS:1361412562310703053", "OPENVAS:1361412562310703125", "OPENVAS:1361412562310703142", "OPENVAS:1361412562310703144", "OPENVAS:1361412562310703147", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703287", "OPENVAS:1361412562310703300", "OPENVAS:1361412562310703316", "OPENVAS:1361412562310703324", "OPENVAS:1361412562310703325", "OPENVAS:1361412562310703336", "OPENVAS:1361412562310703339", "OPENVAS:1361412562310703388", "OPENVAS:1361412562310703393", "OPENVAS:1361412562310703406", "OPENVAS:1361412562310703410", "OPENVAS:1361412562310703413", "OPENVAS:1361412562310703414", "OPENVAS:1361412562310703426", "OPENVAS:1361412562310703436", "OPENVAS:1361412562310703437", "OPENVAS:1361412562310703454", "OPENVAS:1361412562310703457", "OPENVAS:1361412562310703458", "OPENVAS:1361412562310703465", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310703491", "OPENVAS:1361412562310703500", "OPENVAS:1361412562310703566", "OPENVAS:1361412562310703624", "OPENVAS:1361412562310703625", "OPENVAS:1361412562310703629", "OPENVAS:1361412562310703632", "OPENVAS:1361412562310703641", "OPENVAS:1361412562310703688", "OPENVAS:136141256231072521", "OPENVAS:1361412562310802087", "OPENVAS:1361412562310803957", "OPENVAS:1361412562310805142", "OPENVAS:1361412562310805157", "OPENVAS:1361412562310805188", "OPENVAS:1361412562310805616", "OPENVAS:1361412562310805676", "OPENVAS:1361412562310805698", "OPENVAS:1361412562310805905", "OPENVAS:1361412562310805906", "OPENVAS:1361412562310805907", "OPENVAS:1361412562310805908", "OPENVAS:1361412562310805913", "OPENVAS:1361412562310805914", "OPENVAS:1361412562310806018", "OPENVAS:1361412562310806052", "OPENVAS:1361412562310806125", "OPENVAS:1361412562310806126", "OPENVAS:1361412562310806533", "OPENVAS:1361412562310806550", "OPENVAS:1361412562310806551", "OPENVAS:1361412562310806552", "OPENVAS:1361412562310806553", "OPENVAS:1361412562310806651", "OPENVAS:1361412562310806652", "OPENVAS:1361412562310806653", "OPENVAS:1361412562310806654", "OPENVAS:1361412562310806655", "OPENVAS:1361412562310806656", "OPENVAS:1361412562310806669", "OPENVAS:1361412562310806673", "OPENVAS:1361412562310806674", "OPENVAS:1361412562310806675", "OPENVAS:1361412562310806676", "OPENVAS:1361412562310806693", "OPENVAS:1361412562310806718", "OPENVAS:1361412562310806744", "OPENVAS:1361412562310806745", "OPENVAS:1361412562310806746", "OPENVAS:1361412562310806747", "OPENVAS:1361412562310806952", "OPENVAS:1361412562310806953", "OPENVAS:1361412562310806954", "OPENVAS:1361412562310806955", "OPENVAS:1361412562310806988", "OPENVAS:1361412562310806991", "OPENVAS:1361412562310806992", "OPENVAS:1361412562310807034", "OPENVAS:1361412562310807036", "OPENVAS:1361412562310807047", "OPENVAS:1361412562310807052", "OPENVAS:1361412562310807054", "OPENVAS:1361412562310807095", "OPENVAS:1361412562310807096", "OPENVAS:1361412562310807097", "OPENVAS:1361412562310807098", "OPENVAS:1361412562310807227", "OPENVAS:1361412562310807228", "OPENVAS:1361412562310807293", "OPENVAS:1361412562310807351", "OPENVAS:1361412562310807460", "OPENVAS:1361412562310807565", "OPENVAS:1361412562310807567", "OPENVAS:1361412562310807569", "OPENVAS:1361412562310807570", "OPENVAS:1361412562310807598", "OPENVAS:1361412562310807635", "OPENVAS:1361412562310807636", "OPENVAS:1361412562310807809", "OPENVAS:1361412562310807812", "OPENVAS:1361412562310807813", "OPENVAS:1361412562310807814", "OPENVAS:1361412562310807816", "OPENVAS:1361412562310807817", "OPENVAS:1361412562310807923", "OPENVAS:1361412562310807925", "OPENVAS:1361412562310807927", "OPENVAS:1361412562310807962", "OPENVAS:1361412562310807963", "OPENVAS:1361412562310807965", "OPENVAS:1361412562310807967", "OPENVAS:1361412562310807969", "OPENVAS:1361412562310807972", "OPENVAS:1361412562310807997", "OPENVAS:1361412562310808016", "OPENVAS:1361412562310808023", "OPENVAS:1361412562310808029", "OPENVAS:1361412562310808257", "OPENVAS:1361412562310808258", "OPENVAS:1361412562310808259", "OPENVAS:1361412562310808260", "OPENVAS:1361412562310808261", "OPENVAS:1361412562310808262", "OPENVAS:1361412562310808302", "OPENVAS:1361412562310808312", "OPENVAS:1361412562310808352", "OPENVAS:1361412562310808374", "OPENVAS:1361412562310808407", "OPENVAS:1361412562310808467", "OPENVAS:1361412562310808523", "OPENVAS:1361412562310808530", "OPENVAS:1361412562310808538", "OPENVAS:1361412562310808563", "OPENVAS:1361412562310808568", "OPENVAS:1361412562310808588", "OPENVAS:1361412562310808590", "OPENVAS:1361412562310808591", "OPENVAS:1361412562310808592", "OPENVAS:1361412562310808593", "OPENVAS:1361412562310808594", "OPENVAS:1361412562310808595", "OPENVAS:1361412562310808596", "OPENVAS:1361412562310808597", "OPENVAS:1361412562310808599", "OPENVAS:1361412562310808621", "OPENVAS:1361412562310808622", "OPENVAS:1361412562310808623", "OPENVAS:1361412562310808700", "OPENVAS:1361412562310808701", "OPENVAS:1361412562310808702", "OPENVAS:1361412562310808703", "OPENVAS:1361412562310808704", "OPENVAS:1361412562310808705", "OPENVAS:1361412562310808706", "OPENVAS:1361412562310808861", "OPENVAS:1361412562310808882", "OPENVAS:1361412562310809478", "OPENVAS:1361412562310810227", "OPENVAS:1361412562310810232", "OPENVAS:1361412562310810233", "OPENVAS:1361412562310810748", "OPENVAS:1361412562310813191", "OPENVAS:1361412562310831716", "OPENVAS:1361412562310841462", "OPENVAS:1361412562310841633", "OPENVAS:1361412562310841637", "OPENVAS:1361412562310841843", "OPENVAS:1361412562310841854", "OPENVAS:1361412562310841867", "OPENVAS:1361412562310841933", "OPENVAS:1361412562310842062", "OPENVAS:1361412562310842076", "OPENVAS:1361412562310842077", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842123", "OPENVAS:1361412562310842212", "OPENVAS:1361412562310842242", "OPENVAS:1361412562310842277", "OPENVAS:1361412562310842279", "OPENVAS:1361412562310842280", "OPENVAS:1361412562310842375", "OPENVAS:1361412562310842386", "OPENVAS:1361412562310842398", "OPENVAS:1361412562310842404", "OPENVAS:1361412562310842409", "OPENVAS:1361412562310842418", "OPENVAS:1361412562310842504", "OPENVAS:1361412562310842511", "OPENVAS:1361412562310842512", "OPENVAS:1361412562310842513", "OPENVAS:1361412562310842545", "OPENVAS:1361412562310842552", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310842565", "OPENVAS:1361412562310842567", "OPENVAS:1361412562310842568", "OPENVAS:1361412562310842569", "OPENVAS:1361412562310842571", "OPENVAS:1361412562310842572", "OPENVAS:1361412562310842574", "OPENVAS:1361412562310842575", "OPENVAS:1361412562310842593", "OPENVAS:1361412562310842594", "OPENVAS:1361412562310842596", "OPENVAS:1361412562310842597", "OPENVAS:1361412562310842618", "OPENVAS:1361412562310842620", "OPENVAS:1361412562310842630", "OPENVAS:1361412562310842634", "OPENVAS:1361412562310842646", "OPENVAS:1361412562310842660", "OPENVAS:1361412562310842671", "OPENVAS:1361412562310842682", "OPENVAS:1361412562310842729", "OPENVAS:1361412562310842769", "OPENVAS:1361412562310842784", "OPENVAS:1361412562310842841", "OPENVAS:1361412562310842843", "OPENVAS:1361412562310842863", "OPENVAS:1361412562310842881", "OPENVAS:1361412562310842905", "OPENVAS:1361412562310850590", "OPENVAS:1361412562310850591", "OPENVAS:1361412562310850621", "OPENVAS:1361412562310850630", "OPENVAS:1361412562310850633", "OPENVAS:1361412562310850661", "OPENVAS:1361412562310850663", "OPENVAS:1361412562310850664", "OPENVAS:1361412562310850666", "OPENVAS:1361412562310850671", "OPENVAS:1361412562310850672", "OPENVAS:1361412562310850678", "OPENVAS:1361412562310850749", "OPENVAS:1361412562310850751", "OPENVAS:1361412562310850760", "OPENVAS:1361412562310850771", "OPENVAS:1361412562310850788", "OPENVAS:1361412562310850791", "OPENVAS:1361412562310850800", "OPENVAS:1361412562310850825", "OPENVAS:1361412562310850826", "OPENVAS:1361412562310850827", "OPENVAS:1361412562310850839", "OPENVAS:1361412562310850849", "OPENVAS:1361412562310850875", "OPENVAS:1361412562310850877", "OPENVAS:1361412562310850889", "OPENVAS:1361412562310850898", "OPENVAS:1361412562310850910", "OPENVAS:1361412562310850914", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310850941", "OPENVAS:1361412562310850960", "OPENVAS:1361412562310850964", "OPENVAS:1361412562310850981", "OPENVAS:1361412562310850983", "OPENVAS:1361412562310850995", "OPENVAS:1361412562310851032", "OPENVAS:1361412562310851042", "OPENVAS:1361412562310851044", "OPENVAS:1361412562310851077", "OPENVAS:1361412562310851094", "OPENVAS:1361412562310851131", "OPENVAS:1361412562310851132", "OPENVAS:1361412562310851137", "OPENVAS:1361412562310851138", "OPENVAS:1361412562310851141", "OPENVAS:1361412562310851157", "OPENVAS:1361412562310851167", "OPENVAS:1361412562310851168", "OPENVAS:1361412562310851170", "OPENVAS:1361412562310851171", "OPENVAS:1361412562310851173", "OPENVAS:1361412562310851174", "OPENVAS:1361412562310851175", "OPENVAS:1361412562310851176", "OPENVAS:1361412562310851177", "OPENVAS:1361412562310851178", "OPENVAS:1361412562310851180", "OPENVAS:1361412562310851183", "OPENVAS:1361412562310851185", "OPENVAS:1361412562310851197", "OPENVAS:1361412562310851198", "OPENVAS:1361412562310851203", "OPENVAS:1361412562310851219", "OPENVAS:1361412562310851220", "OPENVAS:1361412562310851221", "OPENVAS:1361412562310851222", "OPENVAS:1361412562310851223", "OPENVAS:1361412562310851224", "OPENVAS:1361412562310851228", "OPENVAS:1361412562310851229", "OPENVAS:1361412562310851273", "OPENVAS:1361412562310851289", "OPENVAS:1361412562310851295", "OPENVAS:1361412562310851296", "OPENVAS:1361412562310851297", "OPENVAS:1361412562310851298", "OPENVAS:1361412562310851299", "OPENVAS:1361412562310851300", "OPENVAS:1361412562310851308", "OPENVAS:1361412562310851309", "OPENVAS:1361412562310851310", "OPENVAS:1361412562310851316", "OPENVAS:1361412562310851318", "OPENVAS:1361412562310851323", "OPENVAS:1361412562310851336", "OPENVAS:1361412562310851337", "OPENVAS:1361412562310851379", "OPENVAS:1361412562310851380", "OPENVAS:1361412562310851381", "OPENVAS:1361412562310851384", "OPENVAS:1361412562310851401", "OPENVAS:1361412562310851429", "OPENVAS:1361412562310851430", "OPENVAS:1361412562310851505", "OPENVAS:1361412562310851665", "OPENVAS:1361412562310865696", "OPENVAS:1361412562310867850", "OPENVAS:1361412562310867851", "OPENVAS:1361412562310868079", "OPENVAS:1361412562310868082", "OPENVAS:1361412562310868415", "OPENVAS:1361412562310868417", "OPENVAS:1361412562310868453", "OPENVAS:1361412562310868454", "OPENVAS:1361412562310868455", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868467", "OPENVAS:1361412562310868468", "OPENVAS:1361412562310868471", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310868597", "OPENVAS:1361412562310868600", "OPENVAS:1361412562310868601", "OPENVAS:1361412562310868604", "OPENVAS:1361412562310868693", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868711", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310868770", "OPENVAS:1361412562310868824", "OPENVAS:1361412562310868855", "OPENVAS:1361412562310868921", "OPENVAS:1361412562310868936", "OPENVAS:1361412562310869039", "OPENVAS:1361412562310869045", "OPENVAS:1361412562310869053", "OPENVAS:1361412562310869084", "OPENVAS:1361412562310869125", "OPENVAS:1361412562310869362", "OPENVAS:1361412562310869382", "OPENVAS:1361412562310869416", "OPENVAS:1361412562310869446", "OPENVAS:1361412562310869448", "OPENVAS:1361412562310869449", "OPENVAS:1361412562310869465", "OPENVAS:1361412562310869492", "OPENVAS:1361412562310869508", "OPENVAS:1361412562310869536", "OPENVAS:1361412562310869559", "OPENVAS:1361412562310869732", "OPENVAS:1361412562310869740", "OPENVAS:1361412562310869742", "OPENVAS:1361412562310869789", "OPENVAS:1361412562310869816", "OPENVAS:1361412562310869826", "OPENVAS:1361412562310869829", "OPENVAS:1361412562310869834", "OPENVAS:1361412562310869875", "OPENVAS:1361412562310869911", "OPENVAS:1361412562310869959", "OPENVAS:1361412562310871172", "OPENVAS:1361412562310871174", "OPENVAS:1361412562310871176", "OPENVAS:1361412562310871183", "OPENVAS:1361412562310871188", "OPENVAS:1361412562310871265", "OPENVAS:1361412562310871274", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871297", "OPENVAS:1361412562310871300", "OPENVAS:1361412562310871303", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310871307", "OPENVAS:1361412562310871308", "OPENVAS:1361412562310871353", "OPENVAS:1361412562310871364", "OPENVAS:1361412562310871376", "OPENVAS:1361412562310871382", "OPENVAS:1361412562310871385", "OPENVAS:1361412562310871390", "OPENVAS:1361412562310871391", "OPENVAS:1361412562310871392", "OPENVAS:1361412562310871422", "OPENVAS:1361412562310871434", "OPENVAS:1361412562310871436", "OPENVAS:1361412562310871437", "OPENVAS:1361412562310871465", "OPENVAS:1361412562310871468", "OPENVAS:1361412562310871469", "OPENVAS:1361412562310871506", "OPENVAS:1361412562310871511", "OPENVAS:1361412562310871512", "OPENVAS:1361412562310871516", "OPENVAS:1361412562310871520", "OPENVAS:1361412562310871521", "OPENVAS:1361412562310871524", "OPENVAS:1361412562310871529", "OPENVAS:1361412562310871532", "OPENVAS:1361412562310871535", "OPENVAS:1361412562310871536", "OPENVAS:1361412562310871542", "OPENVAS:1361412562310871543", "OPENVAS:1361412562310871544", "OPENVAS:1361412562310871545", "OPENVAS:1361412562310871547", "OPENVAS:1361412562310871563", "OPENVAS:1361412562310871564", "OPENVAS:1361412562310871569", "OPENVAS:1361412562310871579", "OPENVAS:1361412562310871592", "OPENVAS:1361412562310871602", "OPENVAS:1361412562310871603", "OPENVAS:1361412562310871610", "OPENVAS:1361412562310871614", "OPENVAS:1361412562310871622", "OPENVAS:1361412562310871623", "OPENVAS:1361412562310871624", "OPENVAS:1361412562310871625", "OPENVAS:1361412562310871626", "OPENVAS:1361412562310871639", "OPENVAS:1361412562310871642", "OPENVAS:1361412562310871647", "OPENVAS:1361412562310871652", "OPENVAS:1361412562310871656", "OPENVAS:1361412562310871685", "OPENVAS:1361412562310873323", "OPENVAS:1361412562310873333", "OPENVAS:1361412562310881939", "OPENVAS:1361412562310881943", "OPENVAS:1361412562310881944", "OPENVAS:1361412562310881946", "OPENVAS:1361412562310882062", "OPENVAS:1361412562310882063", "OPENVAS:1361412562310882089", "OPENVAS:1361412562310882094", "OPENVAS:1361412562310882095", "OPENVAS:1361412562310882097", "OPENVAS:1361412562310882098", "OPENVAS:1361412562310882101", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882105", "OPENVAS:1361412562310882106", "OPENVAS:1361412562310882107", "OPENVAS:1361412562310882108", "OPENVAS:1361412562310882109", "OPENVAS:1361412562310882163", "OPENVAS:1361412562310882192", "OPENVAS:1361412562310882194", "OPENVAS:1361412562310882198", "OPENVAS:1361412562310882199", "OPENVAS:1361412562310882207", "OPENVAS:1361412562310882208", "OPENVAS:1361412562310882209", "OPENVAS:1361412562310882210", "OPENVAS:1361412562310882215", "OPENVAS:1361412562310882220", "OPENVAS:1361412562310882221", "OPENVAS:1361412562310882222", "OPENVAS:1361412562310882224", "OPENVAS:1361412562310882225", "OPENVAS:1361412562310882236", "OPENVAS:1361412562310882237", "OPENVAS:1361412562310882255", "OPENVAS:1361412562310882256", "OPENVAS:1361412562310882258", "OPENVAS:1361412562310882307", "OPENVAS:1361412562310882308", "OPENVAS:1361412562310882310", "OPENVAS:1361412562310882313", "OPENVAS:1361412562310882314", "OPENVAS:1361412562310882315", "OPENVAS:1361412562310882316", "OPENVAS:1361412562310882317", "OPENVAS:1361412562310882318", "OPENVAS:1361412562310882321", "OPENVAS:1361412562310882333", "OPENVAS:1361412562310882337", "OPENVAS:1361412562310882339", "OPENVAS:1361412562310882340", "OPENVAS:1361412562310882342", "OPENVAS:1361412562310882355", "OPENVAS:1361412562310882356", "OPENVAS:1361412562310882357", "OPENVAS:1361412562310882360", "OPENVAS:1361412562310882363", "OPENVAS:1361412562310882366", "OPENVAS:1361412562310882370", "OPENVAS:1361412562310882371", "OPENVAS:1361412562310882372", "OPENVAS:1361412562310882373", "OPENVAS:1361412562310882374", "OPENVAS:1361412562310882375", "OPENVAS:1361412562310882376", "OPENVAS:1361412562310882403", "OPENVAS:1361412562310882404", "OPENVAS:1361412562310882405", "OPENVAS:1361412562310882412", "OPENVAS:1361412562310882414", "OPENVAS:1361412562310882431", "OPENVAS:1361412562310882446", "OPENVAS:1361412562310882447", "OPENVAS:1361412562310882449", "OPENVAS:1361412562310882472", "OPENVAS:1361412562310882473", "OPENVAS:1361412562310882474", "OPENVAS:1361412562310882475", "OPENVAS:1361412562310882476", "OPENVAS:1361412562310882477", "OPENVAS:1361412562310882486", "OPENVAS:1361412562310882495", "OPENVAS:1361412562310882496", "OPENVAS:1361412562310882497", "OPENVAS:1361412562310882498", "OPENVAS:1361412562310882499", "OPENVAS:1361412562310882500", "OPENVAS:1361412562310882523", "OPENVAS:1361412562310882524", "OPENVAS:1361412562310882528", "OPENVAS:1361412562310882529", "OPENVAS:1361412562310882530", "OPENVAS:1361412562310882538", "OPENVAS:1361412562310882543", "OPENVAS:1361412562310882548", "OPENVAS:1361412562310882549", "OPENVAS:1361412562310882550", "OPENVAS:1361412562310891500", "OPENVAS:1361412562310892686", "OPENVAS:1361412562311220161017", "OPENVAS:1361412562311220161025", "OPENVAS:1361412562311220161032", "OPENVAS:1361412562311220161035", "OPENVAS:1361412562311220161060", "OPENVAS:1361412562311220171039", "OPENVAS:1361412562311220171040", "OPENVAS:1361412562311220171124", "OPENVAS:1361412562311220171125", "OPENVAS:1361412562311220181115", "OPENVAS:1361412562311220181179", "OPENVAS:1361412562311220191386", "OPENVAS:1361412562311220191388", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191419", "OPENVAS:1361412562311220191488", "OPENVAS:1361412562311220191536", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191547", "OPENVAS:1361412562311220191548", "OPENVAS:1361412562311220191551", "OPENVAS:1361412562311220191553", "OPENVAS:1361412562311220191555", "OPENVAS:1361412562311220191556", "OPENVAS:1361412562311220191861", "OPENVAS:1361412562311220191980", "OPENVAS:1361412562311220192215", "OPENVAS:1361412562311220192217", "OPENVAS:1361412562311220192271", "OPENVAS:1361412562311220192509", "OPENVAS:1361412562311220192643", "OPENVAS:1361412562311220201210", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201637", "OPENVAS:1361412562311220201774", "OPENVAS:702950", "OPENVAS:703053", "OPENVAS:703125", "OPENVAS:703142", "OPENVAS:703144", "OPENVAS:703147", "OPENVAS:703253", "OPENVAS:703287", "OPENVAS:703300", "OPENVAS:703316", "OPENVAS:703324", "OPENVAS:703325", "OPENVAS:703336", "OPENVAS:703339", "OPENVAS:703388", "OPENVAS:703393", "OPENVAS:703406", "OPENVAS:703410", "OPENVAS:703413", "OPENVAS:703414", "OPENVAS:703426", "OPENVAS:703436", "OPENVAS:703437", "OPENVAS:703454", "OPENVAS:703457", "OPENVAS:703458", "OPENVAS:703465", "OPENVAS:703489", "OPENVAS:703491", "OPENVAS:703500", "OPENVAS:703566", "OPENVAS:703624", "OPENVAS:703625", "OPENVAS:703629", "OPENVAS:703632", "OPENVAS:703641", "OPENVAS:703688", "OPENVAS:72521", "OPENVAS:831716", "OPENVAS:841462", "OPENVAS:841633", "OPENVAS:841637", "OPENVAS:865696", "OPENVAS:892686"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000001", "OPENWRT-SA-000007", "OPENWRT-SA-000008", "OPENWRT-SA-000009"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUAPR2015-2365600", "ORACLE:CPUAPR2016V3", "ORACLE:CPUAPR2016V3-2985753", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2017-3236618", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2018-3678067", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2015", "ORACLE:CPUJAN2015-1972971", "ORACLE:CPUJAN2016", "ORACLE:CPUJAN2016-2367955", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2017-2881727", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2015-2367936", "ORACLE:CPUJUL2016-2881720", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2017-3236622", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2012-1515893", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2016-2881722", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2017-3236626", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0624", "ELSA-2014-0625", "ELSA-2014-0626", "ELSA-2014-0679", "ELSA-2014-0680", "ELSA-2014-1053", "ELSA-2014-1652", "ELSA-2014-1653", "ELSA-2014-3040", "ELSA-2015-0066", "ELSA-2015-0067", "ELSA-2015-0068", "ELSA-2015-0069", "ELSA-2015-0085", "ELSA-2015-0090", "ELSA-2015-0092", "ELSA-2015-0101", "ELSA-2015-0327", "ELSA-2015-0800", "ELSA-2015-1072", "ELSA-2015-1115", "ELSA-2015-1185", "ELSA-2015-1197", "ELSA-2015-1228", "ELSA-2015-1229", "ELSA-2015-1230", "ELSA-2015-1526", "ELSA-2015-1627", "ELSA-2015-1664", "ELSA-2015-1666", "ELSA-2015-1667", "ELSA-2015-1668", "ELSA-2015-1930", "ELSA-2015-1980", "ELSA-2015-1981", "ELSA-2015-2088", "ELSA-2015-2231", "ELSA-2015-2521", "ELSA-2015-2522", "ELSA-2015-2552", "ELSA-2015-2616", "ELSA-2015-2617", "ELSA-2015-2636", "ELSA-2015-2671", "ELSA-2015-3010", "ELSA-2015-3022", "ELSA-2015-3107", "ELSA-2016-0007", "ELSA-2016-0008", "ELSA-2016-0012", "ELSA-2016-0049", "ELSA-2016-0050", "ELSA-2016-0053", "ELSA-2016-0054", "ELSA-2016-0063", "ELSA-2016-0301", "ELSA-2016-0302", "ELSA-2016-0372", "ELSA-2016-0466", "ELSA-2016-0591", "ELSA-2016-0684", "ELSA-2016-0685", "ELSA-2016-0722", "ELSA-2016-0780", "ELSA-2016-0996", "ELSA-2016-1137", "ELSA-2016-1138", "ELSA-2016-1139", "ELSA-2016-1140", "ELSA-2016-1141", "ELSA-2016-1458", "ELSA-2016-1504", "ELSA-2016-1602", "ELSA-2016-1776", "ELSA-2016-2583", "ELSA-2016-2600", "ELSA-2016-3502", "ELSA-2016-3503", "ELSA-2016-3523", "ELSA-2016-3531", "ELSA-2016-3556", "ELSA-2016-3558", "ELSA-2016-3571", "ELSA-2016-3576", "ELSA-2016-3621", "ELSA-2017-3071", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-0003-1", "OSV:DLA-0008-1", "OSV:DLA-132-1", "OSV:DLA-139-1", "OSV:DLA-1500-1", "OSV:DLA-1500-2", "OSV:DLA-157-1", "OSV:DLA-247-1", "OSV:DLA-274-1", "OSV:DLA-282-1", "OSV:DLA-284-1", "OSV:DLA-288-1", "OSV:DLA-288-2", "OSV:DLA-303-1", "OSV:DLA-315-1", "OSV:DLA-335-1", "OSV:DLA-344-1", "OSV:DLA-354-1", "OSV:DLA-358-1", "OSV:DLA-400-1", "OSV:DLA-410-1", "OSV:DLA-421-1", "OSV:DLA-427-1", "OSV:DLA-456-1", "OSV:DLA-478-1", "OSV:DLA-479-1", "OSV:DLA-480-1", "OSV:DLA-507-1", "OSV:DLA-556-1", "OSV:DLA-559-1", "OSV:DLA-567-1", "OSV:DLA-579-1", "OSV:DLA-81-1", "OSV:DSA-2686-1", "OSV:DSA-2950-1", "OSV:DSA-3053-1", "OSV:DSA-3092-1", "OSV:DSA-3125-1", "OSV:DSA-3142-1", "OSV:DSA-3144-1", "OSV:DSA-3147-1", "OSV:DSA-3253-1", "OSV:DSA-3287-1", "OSV:DSA-3300-1", "OSV:DSA-3316-1", "OSV:DSA-3324-1", "OSV:DSA-3325-1", "OSV:DSA-3325-2", "OSV:DSA-3336-1", "OSV:DSA-3339-1", "OSV:DSA-3388-1", "OSV:DSA-3393-1", "OSV:DSA-3406-1", "OSV:DSA-3410-1", "OSV:DSA-3413-1", "OSV:DSA-3414-1", "OSV:DSA-3426-1", "OSV:DSA-3436-1", "OSV:DSA-3437-1", "OSV:DSA-3454-1", "OSV:DSA-3457-1", "OSV:DSA-3458-1", "OSV:DSA-3465-1", "OSV:DSA-3489-1", "OSV:DSA-3491-1", "OSV:DSA-3500-1", "OSV:DSA-3566-1", "OSV:DSA-3624-1", "OSV:DSA-3625-1", "OSV:DSA-3629-1", "OSV:DSA-3632-1", "OSV:DSA-3641-1", "OSV:DSA-3688-1", "OSV:GHSA-5GGR-MPGW-3MGX", "OSV:GHSA-7JW3-5Q4W-89QG", "OSV:GHSA-QG25-HGJV-CG9Q"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:117503", "PACKETSTORM:130115", "PACKETSTORM:130171", "PACKETSTORM:130974", "PACKETSTORM:131157", "PACKETSTORM:132254", "PACKETSTORM:132843", "PACKETSTORM:134250", "PACKETSTORM:136856", "PACKETSTORM:143369", "PACKETSTORM:152324", "PACKETSTORM:153278", "PACKETSTORM:164014", "PACKETSTORM:167552"]}, {"type": "paloalto", "idList": ["PAN-SA-2014-0003", "PAN-SA-2014-0005", "PAN-SA-2015-0002", "PAN-SA-2016-0019", "PAN-SA-2016-0020", "PAN-SA-2016-0023", "PAN-SA-2016-0027", "PAN-SA-2016-0028", "PAN-SA-2016-0030"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2014:0624", "RHSA-2014:0625", "RHSA-2014:0626", "RHSA-2014:0627", "RHSA-2014:0628", "RHSA-2014:0629", "RHSA-2014:0630", "RHSA-2014:0631", "RHSA-2014:0632", "RHSA-2014:0679", "RHSA-2014:0680", "RHSA-2014:1436", "RHSA-2014:1652", "RHSA-2014:1653", "RHSA-2014:1692", "RHSA-2014:1876", "RHSA-2014:1877", "RHSA-2014:1880", "RHSA-2014:1881", "RHSA-2014:1882", "RHSA-2014:1948", "RHSA-2015:0066", "RHSA-2015:0067", "RHSA-2015:0068", "RHSA-2015:0069", "RHSA-2015:0079", "RHSA-2015:0080", "RHSA-2015:0085", "RHSA-2015:0086", "RHSA-2015:0090", "RHSA-2015:0092", "RHSA-2015:0099", "RHSA-2015:0101", "RHSA-2015:0126", "RHSA-2015:0264", "RHSA-2015:0698", "RHSA-2015:0800", "RHSA-2015:1006", "RHSA-2015:1007", "RHSA-2015:1020", "RHSA-2015:1021", "RHSA-2015:1072", "RHSA-2015:1091", "RHSA-2015:1115", "RHSA-2015:1185", "RHSA-2015:1197", "RHSA-2015:1228", "RHSA-2015:1229", "RHSA-2015:1230", "RHSA-2015:1241", "RHSA-2015:1242", "RHSA-2015:1243", "RHSA-2015:1485", "RHSA-2015:1486", "RHSA-2015:1488", "RHSA-2015:1526", "RHSA-2015:1544", "RHSA-2015:1545", "RHSA-2015:1546", "RHSA-2015:1604", "RHSA-2015:1664", "RHSA-2015:1666", "RHSA-2015:1667", "RHSA-2015:1668", "RHSA-2015:1930", "RHSA-2015:1980", "RHSA-2015:1981", "RHSA-2015:2068", "RHSA-2015:2088", "RHSA-2015:2500", "RHSA-2015:2501", "RHSA-2015:2502", "RHSA-2015:2514", "RHSA-2015:2516", "RHSA-2015:2517", "RHSA-2015:2520", "RHSA-2015:2521", "RHSA-2015:2522", "RHSA-2015:2523", "RHSA-2015:2524", "RHSA-2015:2534", "RHSA-2015:2535", "RHSA-2015:2536", "RHSA-2015:2537", "RHSA-2015:2538", "RHSA-2015:2539", "RHSA-2015:2540", "RHSA-2015:2542", "RHSA-2015:2547", "RHSA-2015:2552", "RHSA-2015:2556", "RHSA-2015:2557", "RHSA-2015:2558", "RHSA-2015:2559", "RHSA-2015:2560", "RHSA-2015:2578", "RHSA-2015:2579", "RHSA-2015:2616", "RHSA-2015:2617", "RHSA-2015:2636", "RHSA-2015:2645", "RHSA-2015:2659", "RHSA-2015:2660", "RHSA-2015:2670", "RHSA-2015:2671", "RHSA-2016:0004", "RHSA-2016:0007", "RHSA-2016:0008", "RHSA-2016:0012", "RHSA-2016:0024", "RHSA-2016:0040", "RHSA-2016:0046", "RHSA-2016:0049", "RHSA-2016:0050", "RHSA-2016:0053", "RHSA-2016:0054", "RHSA-2016:0055", "RHSA-2016:0056", "RHSA-2016:0061", "RHSA-2016:0062", "RHSA-2016:0063", "RHSA-2016:0066", "RHSA-2016:0098", "RHSA-2016:0099", "RHSA-2016:0100", "RHSA-2016:0101", "RHSA-2016:0103", "RHSA-2016:0118", "RHSA-2016:0301", "RHSA-2016:0302", "RHSA-2016:0303", "RHSA-2016:0304", "RHSA-2016:0305", "RHSA-2016:0306", "RHSA-2016:0372", "RHSA-2016:0379", "RHSA-2016:0445", "RHSA-2016:0446", "RHSA-2016:0466", "RHSA-2016:0490", "RHSA-2016:0534", "RHSA-2016:0591", "RHSA-2016:0684", "RHSA-2016:0685", "RHSA-2016:0705", "RHSA-2016:0722", "RHSA-2016:0996", "RHSA-2016:1132", "RHSA-2016:1137", "RHSA-2016:1138", "RHSA-2016:1139", "RHSA-2016:1140", "RHSA-2016:1141", "RHSA-2016:1376", "RHSA-2016:1430", "RHSA-2016:1458", "RHSA-2016:1475", "RHSA-2016:1476", "RHSA-2016:1477", "RHSA-2016:1480", "RHSA-2016:1481", "RHSA-2016:1504", "RHSA-2016:1519", "RHSA-2016:1552", "RHSA-2016:1573", "RHSA-2016:1587", "RHSA-2016:1588", "RHSA-2016:1589", "RHSA-2016:1601", "RHSA-2016:1602", "RHSA-2016:1603", "RHSA-2016:1604", "RHSA-2016:1637", "RHSA-2016:1648", "RHSA-2016:1649", "RHSA-2016:1773", "RHSA-2016:1776", "RHSA-2016:2054", "RHSA-2016:2055", "RHSA-2016:2073", "RHSA-2016:2583", "RHSA-2016:2957", "RHSA-2017:0193", "RHSA-2017:0194", "RHSA-2017:1216", "RHSA-2017:2486", "RHSA-2017:2596", "RHSA-2018:2568", "RHSA-2018:2575", "RHSA-2018:2713", "RHSA-2020:4274"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1181", "RH:CVE-2016-1182", "RH:CVE-2016-2105", "RH:CVE-2016-2106", "RH:CVE-2016-2107", "RH:CVE-2016-2108", "RH:CVE-2016-2176", "RH:CVE-2016-3424", "RH:CVE-2016-3440", "RH:CVE-2016-3452", "RH:CVE-2016-3458", "RH:CVE-2016-3459", "RH:CVE-2016-3471", "RH:CVE-2016-3477", "RH:CVE-2016-3485", "RH:CVE-2016-3486", "RH:CVE-2016-3498", "RH:CVE-2016-3500", "RH:CVE-2016-3501", "RH:CVE-2016-3503", "RH:CVE-2016-3508", "RH:CVE-2016-3518", "RH:CVE-2016-3521", "RH:CVE-2016-3550", "RH:CVE-2016-3552", "RH:CVE-2016-3587", "RH:CVE-2016-3588", "RH:CVE-2016-3598", "RH:CVE-2016-3606", "RH:CVE-2016-3610", "RH:CVE-2016-3614", "RH:CVE-2016-3615", "RH:CVE-2016-4953", "RH:CVE-2016-4956", "RH:CVE-2016-4957", "RH:CVE-2016-5436", "RH:CVE-2016-5437", "RH:CVE-2016-5439", "RH:CVE-2016-5440", "RH:CVE-2016-5441", "RH:CVE-2016-5442", "RH:CVE-2016-5443", "RH:CVE-2016-5444", "RH:CVE-2016-7431", "RH:CVE-2017-3738", "RH:CVE-2018-7184", "RH:CVE-2021-4160"]}, {"type": "saint", "idList": ["SAINT:30B69DA796085BC3E3B1C78E90D5EEF1", "SAINT:3C8676675136ED40AD965CF40F5B034D", "SAINT:C0B4D5468890CF90769399ACED5F1513", "SAINT:C2F1CFAE3C24599334963A0CD12F3E0B"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29076", "SECURITYVULNS:DOC:29233", "SECURITYVULNS:DOC:29414", "SECURITYVULNS:DOC:31041", "SECURITYVULNS:DOC:31090", "SECURITYVULNS:DOC:31293", "SECURITYVULNS:DOC:31299", "SECURITYVULNS:DOC:31300", "SECURITYVULNS:DOC:31301", "SECURITYVULNS:DOC:31302", "SECURITYVULNS:DOC:31303", "SECURITYVULNS:DOC:31305", "SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31318", "SECURITYVULNS:DOC:31532", "SECURITYVULNS:DOC:31591", "SECURITYVULNS:DOC:31672", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:DOC:31783", "SECURITYVULNS:DOC:31790", "SECURITYVULNS:DOC:31890", "SECURITYVULNS:DOC:32116", "SECURITYVULNS:DOC:32203", "SECURITYVULNS:DOC:32265", "SECURITYVULNS:DOC:32267", "SECURITYVULNS:DOC:32343", "SECURITYVULNS:DOC:32345", "SECURITYVULNS:DOC:32378", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:DOC:32423", "SECURITYVULNS:DOC:32492", "SECURITYVULNS:DOC:32493", "SECURITYVULNS:DOC:32494", "SECURITYVULNS:DOC:32516", "SECURITYVULNS:DOC:32522", "SECURITYVULNS:DOC:32566", "SECURITYVULNS:DOC:32649", "SECURITYVULNS:VULN:12984", "SECURITYVULNS:VULN:13089", "SECURITYVULNS:VULN:13429", "SECURITYVULNS:VULN:13544", "SECURITYVULNS:VULN:13810", "SECURITYVULNS:VULN:13868", "SECURITYVULNS:VULN:13971", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14045", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14062", "SECURITYVULNS:VULN:14063", "SECURITYVULNS:VULN:14164", "SECURITYVULNS:VULN:14192", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14240", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14306", "SECURITYVULNS:VULN:14314", "SECURITYVULNS:VULN:14333", "SECURITYVULNS:VULN:14366", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14484", "SECURITYVULNS:VULN:14530", "SECURITYVULNS:VULN:14561", "SECURITYVULNS:VULN:14562", "SECURITYVULNS:VULN:14572", "SECURITYVULNS:VULN:14573", "SECURITYVULNS:VULN:14598", "SECURITYVULNS:VULN:14601", "SECURITYVULNS:VULN:14614", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:VULN:14678", "SECURITYVULNS:VULN:14697", "SECURITYVULNS:VULN:14702", "SECURITYVULNS:VULN:14751", "SECURITYVULNS:VULN:14755"]}, {"type": "seebug", "idList": ["SSV:89237", "SSV:89999", "SSV:90853", "SSV:90854", "SSV:90860", "SSV:91389", "SSV:91447", "SSV:91448", "SSV:92577", "SSV:92692", "SSV:96543", "SSV:96647", "SSV:96649", "SSV:96693", "SSV:96694", "SSV:96695", "SSV:96697", "SSV:96698", "SSV:96699", "SSV:96700", "SSV:96701", "SSV:96702", "SSV:96703", "SSV:96704", "SSV:96705", "SSV:96706", "SSV:96707", "SSV:96708", "SSV:96709", "SSV:96710", "SSV:96784", "SSV:96786", "SSV:96787"]}, {"type": "slackware", "idList": ["SSA-2014-156-03", "SSA-2014-288-01", "SSA-2015-009-01", "SSA-2015-028-01", "SSA-2015-162-01", "SSA-2015-190-01", "SSA-2015-198-01", "SSA-2015-302-01", "SSA-2015-302-03", "SSA-2015-310-02", "SSA-2015-349-01", "SSA-2015-349-04", "SSA-2016-034-03", "SSA-2016-054-04", "SSA-2016-062-02", "SSA-2016-120-01", "SSA-2016-124-01"]}, {"type": "srcincite", "idList": ["SRC-2016-0024", "SRC-2016-0025"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0764-1", "OPENSUSE-SU-2014:0765-1", "OPENSUSE-SU-2014:1331-1", "OPENSUSE-SU-2015:0130-1", "OPENSUSE-SU-2015:0162-1", "OPENSUSE-SU-2015:0184-1", "OPENSUSE-SU-2015:0190-1", "OPENSUSE-SU-2015:1139-1", "OPENSUSE-SU-2015:1216-1", "OPENSUSE-SU-2015:1229-1", "OPENSUSE-SU-2015:1266-1", "OPENSUSE-SU-2015:1277-1", "OPENSUSE-SU-2015:1288-1", "OPENSUSE-SU-2015:1289-1", "OPENSUSE-SU-2015:1942-1", "OPENSUSE-SU-2015:2243-1", "OPENSUSE-SU-2016:0124-1", "OPENSUSE-SU-2016:0226-1", "OPENSUSE-SU-2016:0255-1", "OPENSUSE-SU-2016:0261-1", "OPENSUSE-SU-2016:0263-1", "OPENSUSE-SU-2016:0268-1", "OPENSUSE-SU-2016:0270-1", "OPENSUSE-SU-2016:0272-1", "OPENSUSE-SU-2016:0279-1", "OPENSUSE-SU-2016:0301-1", "OPENSUSE-SU-2016:0306-1", "OPENSUSE-SU-2016:0309-1", "OPENSUSE-SU-2016:0318-1", "OPENSUSE-SU-2016:0627-1", "OPENSUSE-SU-2016:0628-1", "OPENSUSE-SU-2016:0637-1", "OPENSUSE-SU-2016:0638-1", "OPENSUSE-SU-2016:0640-1", "OPENSUSE-SU-2016:0720-1", "OPENSUSE-SU-2016:1008-1", "OPENSUSE-SU-2016:1237-1", "OPENSUSE-SU-2016:1238-1", "OPENSUSE-SU-2016:1239-1", "OPENSUSE-SU-2016:1240-1", "OPENSUSE-SU-2016:1241-1", "OPENSUSE-SU-2016:1242-1", "OPENSUSE-SU-2016:1243-1", "OPENSUSE-SU-2016:1273-1", "OPENSUSE-SU-2016:1292-1", "OPENSUSE-SU-2016:1329-1", "OPENSUSE-SU-2016:1332-1", "OPENSUSE-SU-2016:1566-1", "OPENSUSE-SU-2016:2050-1", "OPENSUSE-SU-2016:2051-1", "OPENSUSE-SU-2016:2052-1", "OPENSUSE-SU-2016:2058-1", "OPENSUSE-SU-2016:2451-1", "OPENSUSE-SU-2016:2649-1", "OPENSUSE-SU-2016:2746-1", "OPENSUSE-SU-2016:2769-1", "OPENSUSE-SU-2016:2788-1", "OPENSUSE-SU-2017:3345-1", "SUSE-SU-2014:0759-1", "SUSE-SU-2014:0759-2", "SUSE-SU-2014:0761-1", "SUSE-SU-2014:0762-1", "SUSE-SU-2014:0768-1", "SUSE-SU-2014:1214-1", "SUSE-SU-2014:1357-1", "SUSE-SU-2014:1361-1", "SUSE-SU-2014:1386-1", "SUSE-SU-2014:1387-1", "SUSE-SU-2014:1387-2", "SUSE-SU-2014:1409-1", "SUSE-SU-2014:1526-1", "SUSE-SU-2014:1526-2", "SUSE-SU-2014:1549-1", "SUSE-SU-2015:0010-1", "SUSE-SU-2015:0158-1", "SUSE-SU-2015:0336-1", "SUSE-SU-2015:0344-1", "SUSE-SU-2015:0345-1", "SUSE-SU-2015:0376-1", "SUSE-SU-2015:0392-1", "SUSE-SU-2015:0503-1", "SUSE-SU-2015:0578-1", "SUSE-SU-2015:0620-1", "SUSE-SU-2015:0743-1", "SUSE-SU-2015:0946-1", "SUSE-SU-2015:1073-1", "SUSE-SU-2015:1085-1", "SUSE-SU-2015:1086-1", "SUSE-SU-2015:1086-2", "SUSE-SU-2015:1086-3", "SUSE-SU-2015:1086-4", "SUSE-SU-2015:1138-1", "SUSE-SU-2015:1143-1", "SUSE-SU-2015:1150-1", "SUSE-SU-2015:1161-1", "SUSE-SU-2015:1177-1", "SUSE-SU-2015:1177-2", "SUSE-SU-2015:1181-1", "SUSE-SU-2015:1181-2", "SUSE-SU-2015:1182-1", "SUSE-SU-2015:1182-2", "SUSE-SU-2015:1183-1", "SUSE-SU-2015:1183-2", "SUSE-SU-2015:1184-1", "SUSE-SU-2015:1184-2", "SUSE-SU-2015:1185-1", "SUSE-SU-2015:1268-1", "SUSE-SU-2015:1268-2", "SUSE-SU-2015:1269-1", "SUSE-SU-2015:1319-1", "SUSE-SU-2015:1320-1", "SUSE-SU-2015:1329-1", "SUSE-SU-2015:1331-1", "SUSE-SU-2015:1345-1", "SUSE-SU-2015:1375-1", "SUSE-SU-2015:1449-1", "SUSE-SU-2015:1509-1", "SUSE-SU-2015:1581-1", "SUSE-SU-2015:1663-1", "SUSE-SU-2015:1926-1", "SUSE-SU-2015:1978-1", "SUSE-SU-2015:1981-1", "SUSE-SU-2015:2081-1", "SUSE-SU-2015:2108-1", "SUSE-SU-2015:2166-1", "SUSE-SU-2015:2168-1", "SUSE-SU-2015:2168-2", "SUSE-SU-2015:2182-1", "SUSE-SU-2015:2192-1", "SUSE-SU-2015:2194-1", "SUSE-SU-2015:2216-1", "SUSE-SU-2015:2339-1", "SUSE-SU-2015:2350-1", "SUSE-SU-2016:0113-1", "SUSE-SU-2016:0224-1", "SUSE-SU-2016:0256-1", "SUSE-SU-2016:0262-1", "SUSE-SU-2016:0265-1", "SUSE-SU-2016:0269-1", "SUSE-SU-2016:0334-1", "SUSE-SU-2016:0338-1", "SUSE-SU-2016:0354-1", "SUSE-SU-2016:0390-1", "SUSE-SU-2016:0399-1", "SUSE-SU-2016:0401-1", "SUSE-SU-2016:0428-1", "SUSE-SU-2016:0431-1", "SUSE-SU-2016:0433-1", "SUSE-SU-2016:0617-1", "SUSE-SU-2016:0620-1", "SUSE-SU-2016:0621-1", "SUSE-SU-2016:0624-1", "SUSE-SU-2016:0631-1", "SUSE-SU-2016:0636-1", "SUSE-SU-2016:0641-1", "SUSE-SU-2016:0658-1", "SUSE-SU-2016:0678-1", "SUSE-SU-2016:0727-1", "SUSE-SU-2016:0748-1", "SUSE-SU-2016:0770-1", "SUSE-SU-2016:0776-1", "SUSE-SU-2016:0777-1", "SUSE-SU-2016:0778-1", "SUSE-SU-2016:0786-1", "SUSE-SU-2016:0820-1", "SUSE-SU-2016:0909-1", "SUSE-SU-2016:1057-1", "SUSE-SU-2016:1175-1", "SUSE-SU-2016:1177-1", "SUSE-SU-2016:1206-1", "SUSE-SU-2016:1228-1", "SUSE-SU-2016:1231-1", "SUSE-SU-2016:1233-1", "SUSE-SU-2016:1247-1", "SUSE-SU-2016:1267-1", "SUSE-SU-2016:1278-1", "SUSE-SU-2016:1290-1", "SUSE-SU-2016:1291-1", "SUSE-SU-2016:1311-1", "SUSE-SU-2016:1360-1", "SUSE-SU-2016:1457-1", "SUSE-SU-2016:1459-1", "SUSE-SU-2016:1471-1", "SUSE-SU-2016:1568-1", "SUSE-SU-2016:1912-1", "SUSE-SU-2016:1996-1", "SUSE-SU-2016:1997-1", "SUSE-SU-2016:2012-1", "SUSE-SU-2016:2074-1", "SUSE-SU-2016:2089-1", "SUSE-SU-2016:2094-1", "SUSE-SU-2016:2261-1", "SUSE-SU-2016:2286-1", "SUSE-SU-2016:2328-1", "SUSE-SU-2016:2343-1", "SUSE-SU-2016:2347-1", "SUSE-SU-2016:2348-1", "SUSE-SU-2016:2408-1", "SUSE-SU-2016:2726-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:3343-1", "SUSE-SU-2018:0112-1"]}, {"type": "symantec", "idList": ["SMNTC-1325", "SMNTC-1335", "SMNTC-1337", "SMNTC-1338", "SMNTC-1344", "SMNTC-1347", "SMNTC-1350", "SMNTC-1351", "SMNTC-1355", "SMNTC-1363", "SMNTC-1367", "SMNTC-91068", "SMNTC-93236"]}, {"type": "talos", "idList": ["TALOS-2016-0076", "TALOS-2016-0077", "TALOS-2016-0078", "TALOS-2016-0081", "TALOS-2016-0082", "TALOS-2016-0084", "TALOS-2016-0096", "TALOS-2016-0097", "TALOS-2016-0098", "TALOS-2016-0099", "TALOS-2016-0100", "TALOS-2016-0101", "TALOS-2016-0102", "TALOS-2016-0103", "TALOS-2016-0104", "TALOS-2016-0105", "TALOS-2016-0156", "TALOS-2016-0157", "TALOS-2016-0158", "TALOS-2016-0159", "TALOS-2016-0161", "TALOS-2016-0162", "TALOS-2016-0163", "TALOS-2016-0203", "TALOS-2016-0204", "TALOS-2016-0260"]}, {"type": "thn", "idList": ["THN:11ACCB96E6DF3B8769AC3B63D2F85776", "THN:222E7964C49D6C2FA7B49F28896E3933", "THN:3DD8F9ADFFEB290F33825414D41B0F41", "THN:7CACCDBBDB47286572F59C67E92AF821", "THN:A649F4ABCE9B99052139693A13D95B14", "THN:ACBFC80659E47A5B7C81B99570749679", "THN:B18DB0BB2ACAF13D6FBF3445755365E3", "THN:D2B91981A95FA63440BEC1909D1FAE82", "THN:D51D2C52B1B2C955A000257C0463AE00", "THN:DE8AA8BC1B57B5EDE3E407E4F781669E"]}, {"type": "threatpost", "idList": ["THREATPOST:0498AD2D4E6DC30F08F971EB191B8C5E", "THREATPOST:3A858BD40E6943BD3F4553301036091D", "THREATPOST:54145B143BF11C716167531924DBD4F1", "THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:79FD5014002E21B53F4970E1583AB7F2", "THREATPOST:7C04F69C011AEFD7882B6B95405A26C6", "THREATPOST:8B5C2D5280CC957CA9A4CB0C697F96D8", "THREATPOST:9D9869F89AC0737D7BCF95D2D1CF13F8", "THREATPOST:A5161FD8579FC8D6BD28F429682A17F9", "THREATPOST:C67169E038FB8F98C9DE037029EB7D5A", "THREATPOST:CF8A831748EC23AA2B67F64081A55155", "THREATPOST:D2914F833BA3C7DD85A61C132121F8BD"]}, {"type": "ubuntu", "idList": ["USN-1855-1", "USN-2031-1", "USN-2032-1", "USN-2232-1", "USN-2232-2", "USN-2232-3", "USN-2232-4", "USN-2459-1", "USN-2485-1", "USN-2486-1", "USN-2487-1", "USN-2523-1", "USN-2639-1", "USN-2656-1", "USN-2656-2", "USN-2672-1", "USN-2673-1", "USN-2686-1", "USN-2696-1", "USN-2706-1", "USN-2710-1", "USN-2710-2", "USN-2783-1", "USN-2785-1", "USN-2790-1", "USN-2791-1", "USN-2819-1", "USN-2830-1", "USN-2840-1", "USN-2841-1", "USN-2841-2", "USN-2842-1", "USN-2842-2", "USN-2843-1", "USN-2843-2", "USN-2844-1", "USN-2863-1", "USN-2864-1", "USN-2865-1", "USN-2866-1", "USN-2880-1", "USN-2880-2", "USN-2883-1", "USN-2884-1", "USN-2903-1", "USN-2903-2", "USN-2904-1", "USN-2914-1", "USN-2959-1", "USN-2973-1", "USN-2995-1", "USN-3040-1", "USN-3043-1", "USN-3062-1", "USN-3077-1", "USN-3096-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-3410", "UB:CVE-2013-2064", "UB:CVE-2013-2566", "UB:CVE-2014-0224", "UB:CVE-2014-3566", "UB:CVE-2014-3569", "UB:CVE-2014-3570", "UB:CVE-2014-3571", "UB:CVE-2014-3572", "UB:CVE-2014-8275", "UB:CVE-2015-0204", "UB:CVE-2015-0205", "UB:CVE-2015-0206", "UB:CVE-2015-0228", "UB:CVE-2015-0235", "UB:CVE-2015-1788", "UB:CVE-2015-1789", "UB:CVE-2015-1790", "UB:CVE-2015-1791", "UB:CVE-2015-1792", "UB:CVE-2015-1793", "UB:CVE-2015-2319", "UB:CVE-2015-2721", "UB:CVE-2015-2774", "UB:CVE-2015-2808", "UB:CVE-2015-3183", "UB:CVE-2015-3193", "UB:CVE-2015-3194", "UB:CVE-2015-3195", "UB:CVE-2015-3197", "UB:CVE-2015-3236", "UB:CVE-2015-3237", "UB:CVE-2015-3253", "UB:CVE-2015-4000", "UB:CVE-2015-4852", "UB:CVE-2015-5300", "UB:CVE-2015-5377", "UB:CVE-2015-5600", "UB:CVE-2015-7181", "UB:CVE-2015-7182", "UB:CVE-2015-7183", "UB:CVE-2015-7501", "UB:CVE-2015-7575", "UB:CVE-2015-7704", "UB:CVE-2015-7705", "UB:CVE-2015-7979", "UB:CVE-2015-8104", "UB:CVE-2015-8138", "UB:CVE-2016-0701", "UB:CVE-2016-0702", "UB:CVE-2016-0703", "UB:CVE-2016-0704", "UB:CVE-2016-0705", "UB:CVE-2016-0797", "UB:CVE-2016-0798", "UB:CVE-2016-0799", "UB:CVE-2016-0800", "UB:CVE-2016-1181", "UB:CVE-2016-1182", "UB:CVE-2016-1547", "UB:CVE-2016-1548", "UB:CVE-2016-1550", "UB:CVE-2016-1938", "UB:CVE-2016-1978", "UB:CVE-2016-2105", "UB:CVE-2016-2106", "UB:CVE-2016-2107", "UB:CVE-2016-2108", "UB:CVE-2016-2109", "UB:CVE-2016-2176", "UB:CVE-2016-2518", "UB:CVE-2016-2842", "UB:CVE-2016-3081", "UB:CVE-2016-3424", "UB:CVE-2016-3440", "UB:CVE-2016-3452", "UB:CVE-2016-3458", "UB:CVE-2016-3459", "UB:CVE-2016-3471", "UB:CVE-2016-3477", "UB:CVE-2016-3485", "UB:CVE-2016-3486", "UB:CVE-2016-3498", "UB:CVE-2016-3500", "UB:CVE-2016-3501", "UB:CVE-2016-3503", "UB:CVE-2016-3508", "UB:CVE-2016-3511", "UB:CVE-2016-3518", "UB:CVE-2016-3521", "UB:CVE-2016-3550", "UB:CVE-2016-3552", "UB:CVE-2016-3587", "UB:CVE-2016-3588", "UB:CVE-2016-3597", "UB:CVE-2016-3598", "UB:CVE-2016-3606", "UB:CVE-2016-3610", "UB:CVE-2016-3612", "UB:CVE-2016-3614", "UB:CVE-2016-3615", "UB:CVE-2016-4051", "UB:CVE-2016-4052", "UB:CVE-2016-4053", "UB:CVE-2016-4054", "UB:CVE-2016-4953", "UB:CVE-2016-4956", "UB:CVE-2016-4957", "UB:CVE-2016-5408", "UB:CVE-2016-5436", "UB:CVE-2016-5437", "UB:CVE-2016-5439", "UB:CVE-2016-5440", "UB:CVE-2016-5441", "UB:CVE-2016-5442", "UB:CVE-2016-5443", "UB:CVE-2016-5444", "UB:CVE-2016-7431", "UB:CVE-2017-3732", "UB:CVE-2017-3738", "UB:CVE-2018-7184", "UB:CVE-2021-4160"]}, {"type": "veracode", "idList": ["VERACODE:26463"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2014-0006", "VMSA-2014-0006.11", "VMSA-2015-0001", "VMSA-2015-0001.2"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:1430", "VULNERLAB:1430"]}, {"type": "xen", "idList": ["XSA-156"]}, {"type": "zdi", "idList": ["ZDI-15-365", "ZDI-16-441", "ZDI-16-442", "ZDI-16-443", "ZDI-16-444", "ZDI-16-445", "ZDI-16-446", "ZDI-16-447", "ZDI-16-448"]}, {"type": "zdt", "idList": ["1337DAY-ID-23215", "1337DAY-ID-23392", "1337DAY-ID-23861", "1337DAY-ID-23895", "1337DAY-ID-23928", "1337DAY-ID-24505", "1337DAY-ID-25234", "1337DAY-ID-25410", "1337DAY-ID-25990", "1337DAY-ID-32465", "1337DAY-ID-36699", "1337DAY-ID-37806"]}]}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_APRIL2015_ADVISORY.ASC", "NETTCP_ADVISORY.ASC", "OPENSSL_ADVISORY18.ASC", "SENDMAIL_ADVISORY2.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-350", "ALAS-2015-473", "ALAS-2015-493", "ALAS-2015-571", "ALAS-2016-645", "ALAS-2016-713"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-2108"]}, {"type": "apple", "idList": ["APPLE:E110ECBEC1B5F4EBE4C6799FF1A4F4E0"]}, {"type": "archlinux", "idList": ["ASA-201506-3", "ASA-201506-4", "ASA-201507-15", "ASA-201507-8", "ASA-201510-14", "ASA-201511-3", "ASA-201511-4", "ASA-201601-19", "ASA-201601-29", "ASA-201601-33", "ASA-201603-2", "ASA-201603-3", "ASA-201604-14", "ASA-201608-3", "ASA-201608-4", "ASA-201608-5"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONF-43333", "ATLASSIAN:JRASERVER-44296"]}, {"type": "attackerkb", "idList": ["AKB:38474044-13DA-4165-A8D4-86867CA68D83"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "canvas", "idList": ["STRUTS2_DMI_RCE"]}, {"type": "centos", "idList": ["CESA-2014:0624", "CESA-2014:0625", "CESA-2014:0626", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0066", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085", "CESA-2015:0090", "CESA-2015:0092", "CESA-2015:0800", "CESA-2015:1072", "CESA-2015:1115", "CESA-2015:1185", "CESA-2015:1197", "CESA-2015:1228", "CESA-2015:1229", "CESA-2015:1230", "CESA-2015:1526", "CESA-2015:1664", "CESA-2015:1667", "CESA-2015:1668", "CESA-2015:1930", "CESA-2015:1980", "CESA-2015:1981", "CESA-2015:2521", "CESA-2015:2616", "CESA-2015:2617", "CESA-2015:2636", "CESA-2015:2671", "CESA-2016:0007", "CESA-2016:0008", "CESA-2016:0012", "CESA-2016:0049", "CESA-2016:0050", "CESA-2016:0053", "CESA-2016:0054", "CESA-2016:0063", "CESA-2016:0301", "CESA-2016:0302", "CESA-2016:0372", "CESA-2016:0466", "CESA-2016:0534", "CESA-2016:0591", "CESA-2016:0684", "CESA-2016:0685", "CESA-2016:0722", "CESA-2016:1137", "CESA-2016:1138", "CESA-2016:1139", "CESA-2016:1140", "CESA-2016:1141", "CESA-2016:1458", "CESA-2016:1504", "CESA-2016:1573", "CESA-2016:1602", "CESA-2016:1776"]}, {"type": "cert", "idList": ["VU:583776", "VU:967332"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0223", "CPAI-2015-0802", "CPAI-2015-0858", "CPAI-2015-0994"]}, {"type": "checkpoint_security", "idList": ["CPS:SK101186", "CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK104443", "CPS:SK105062", "CPS:SK109942"]}, {"type": "chrome", "idList": ["GCSA-4830242147321115275"]}, {"type": "cisa", "idList": ["CISA:931C4B65156698E92C5A183C30284F30"]}, {"type": "cisco", "idList": ["CISCO-SA-20141211-CVE-2014-8730", "CISCO-SA-20150612-OPENSSL", "CISCO-SA-20150710-OPENSSL", "CISCO-SA-20151021-NTP", "CISCO-SA-20160302-OPENSSL"]}, {"type": "citrix", "idList": ["CTX233832"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:2612C84317452E216670EAF7C553C9D4", "CFOUNDRY:ECE571CA3959D17438D4F74EAB109B4B"]}, {"type": "cve", "idList": ["CVE-2012-3137", "CVE-2012-3410", "CVE-2013-2064", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7575", "CVE-2015-7979", "CVE-2015-8104", "CVE-2016-0635", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1548", "CVE-2016-1978", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2176", "CVE-2016-3081", "CVE-2016-3432", "CVE-2016-3433", "CVE-2016-3440", "CVE-2016-3444", "CVE-2016-3445", "CVE-2016-3446", "CVE-2016-3448", "CVE-2016-3450", "CVE-2016-3451", "CVE-2016-3453", "CVE-2016-3458", "CVE-2016-3467", "CVE-2016-3468", "CVE-2016-3469", "CVE-2016-3470", "CVE-2016-3472", "CVE-2016-3474", "CVE-2016-3475", "CVE-2016-3476", "CVE-2016-3478", "CVE-2016-3479", "CVE-2016-3480", "CVE-2016-3481", "CVE-2016-3482", "CVE-2016-3483", "CVE-2016-3484", "CVE-2016-3485", "CVE-2016-3486", "CVE-2016-3487", "CVE-2016-3488", "CVE-2016-3489", "CVE-2016-3490", "CVE-2016-3491", "CVE-2016-3493", "CVE-2016-3494", "CVE-2016-3496", "CVE-2016-3497", "CVE-2016-3498", "CVE-2016-3499", "CVE-2016-3500", "CVE-2016-3501", "CVE-2016-3502", "CVE-2016-3503", "CVE-2016-3504", "CVE-2016-3506", "CVE-2016-3507", "CVE-2016-3508", "CVE-2016-3509", "CVE-2016-3510", "CVE-2016-3511", "CVE-2016-3512", "CVE-2016-3513", "CVE-2016-3514", "CVE-2016-3515", "CVE-2016-3516", "CVE-2016-3517", "CVE-2016-3518", "CVE-2016-3519", "CVE-2016-3520", "CVE-2016-3522", "CVE-2016-3523", "CVE-2016-3524", "CVE-2016-3525", "CVE-2016-3526", "CVE-2016-3527", "CVE-2016-3528", "CVE-2016-3529", "CVE-2016-3530", "CVE-2016-3531", "CVE-2016-3532", "CVE-2016-3533", "CVE-2016-3534", "CVE-2016-3535", "CVE-2016-3536", "CVE-2016-3537", "CVE-2016-3538", "CVE-2016-3539", "CVE-2016-3540", "CVE-2016-3541", "CVE-2016-3542", "CVE-2016-3543", "CVE-2016-3544", "CVE-2016-3545", "CVE-2016-3546", "CVE-2016-3547", "CVE-2016-3548", "CVE-2016-3549", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3553", "CVE-2016-3554", "CVE-2016-3555", "CVE-2016-3556", "CVE-2016-3557", "CVE-2016-3558", "CVE-2016-3559", "CVE-2016-3560", "CVE-2016-3561", "CVE-2016-3563", "CVE-2016-3564", "CVE-2016-3565", "CVE-2016-3566", "CVE-2016-3567", "CVE-2016-3568", "CVE-2016-3569", "CVE-2016-3570", "CVE-2016-3571", "CVE-2016-3572", "CVE-2016-3573", "CVE-2016-3574", "CVE-2016-3575", "CVE-2016-3576", "CVE-2016-3577", "CVE-2016-3578", "CVE-2016-3579", "CVE-2016-3580", "CVE-2016-3581", "CVE-2016-3582", "CVE-2016-3583", "CVE-2016-3584", "CVE-2016-3585", "CVE-2016-3586", "CVE-2016-3587", "CVE-2016-3588", "CVE-2016-3589", "CVE-2016-3590", "CVE-2016-3591", "CVE-2016-3592", "CVE-2016-3593", "CVE-2016-3594", "CVE-2016-3595", "CVE-2016-3596", "CVE-2016-3597", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3607", "CVE-2016-3608", "CVE-2016-3609", "CVE-2016-3610", "CVE-2016-3611", "CVE-2016-3612", "CVE-2016-3613", "CVE-2016-4051", "CVE-2016-4052", "CVE-2016-4053", "CVE-2016-5439", "CVE-2016-5445", "CVE-2016-5446", "CVE-2016-5447", "CVE-2016-5448", "CVE-2016-5449", "CVE-2016-5450", "CVE-2016-5451", "CVE-2016-5452", "CVE-2016-5453", "CVE-2016-5454", "CVE-2016-5455", "CVE-2016-5456", "CVE-2016-5457", "CVE-2016-5458", "CVE-2016-5459", "CVE-2016-5460", "CVE-2016-5461", "CVE-2016-5462", "CVE-2016-5463", "CVE-2016-5464", "CVE-2016-5465", "CVE-2016-5466", "CVE-2016-5467", "CVE-2016-5468", "CVE-2016-5469", "CVE-2016-5470", "CVE-2016-5471", "CVE-2016-5472", "CVE-2016-5473", "CVE-2016-5474", "CVE-2016-5475", "CVE-2016-5476", "CVE-2016-5477"]}, {"type": "debian", "idList": ["DEBIAN:DLA-139-1:543FA", "DEBIAN:DLA-1500-1:E6BD7", "DEBIAN:DLA-282-1:F03D5", "DEBIAN:DLA-288-2:68C70", "DEBIAN:DLA-303-1:590A1", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-556-1:54106", "DEBIAN:DSA-2686-1:EE02D", "DEBIAN:DSA-2950-1:15DF5", "DEBIAN:DSA-3053-1:A743E", "DEBIAN:DSA-3125-1:8906F", "DEBIAN:DSA-3316-1:0E231", "DEBIAN:DSA-3325-2:8DA4D", "DEBIAN:DSA-3410-1:624AB", "DEBIAN:DSA-3436-1:E5B07", "DEBIAN:DSA-3489-1:3D620", "DEBIAN:DSA-3624-1:112F8", "DEBIAN:DSA-3624-1:EC39B", "DEBIAN:DSA-3625-1:AF539", "DEBIAN:DSA-3632-1:E9501", "DEBIAN:DSA-3632-1:F9C2A", "DEBIAN:DSA-3688-1:3F736", "DEBIAN:SSL-:DD9E5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-3410", "DEBIANCVE:CVE-2014-3566", "DEBIANCVE:CVE-2014-8275", "DEBIANCVE:CVE-2015-1792", "DEBIANCVE:CVE-2015-2808", "DEBIANCVE:CVE-2015-3194", "DEBIANCVE:CVE-2015-3197", "DEBIANCVE:CVE-2015-3236", "DEBIANCVE:CVE-2016-0705", "DEBIANCVE:CVE-2016-0797", "DEBIANCVE:CVE-2016-1547", "DEBIANCVE:CVE-2016-3458", "DEBIANCVE:CVE-2016-3550", "DEBIANCVE:CVE-2016-3587"]}, {"type": "exploitdb", "idList": ["EDB-ID:44041"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:99988BAE0A27143CB886C29FF1A9E24F"]}, {"type": "f5", "idList": ["F5:K04734219", "F5:K05046514", "F5:K16135", "F5:K16674", "F5:K17232507", "F5:K17251", "F5:K31372672", "F5:K34681653", "F5:K43205719", "F5:K64505405", "F5:K71245322", "F5:K79215841", "F5:K95463126", "SOL02201365", "SOL05016441", "SOL07538415", "SOL10600056", "SOL12824341", "SOL14638", "SOL15325", "SOL16120", "SOL16864", "SOL17251", "SOL17566", "SOL20804323", "SOL23196136", "SOL23230229", "SOL23453330", "SOL31372672", "SOL33209124", "SOL36488941", "SOL40521234", "SOL43205719", "SOL47145213", "SOL51920288", "SOL63675293", "SOL64009378", "SOL75152412", "SOL86772626", "SOL95463126"]}, {"type": "fedora", "idList": ["FEDORA:0FE8860E4374", "FEDORA:2E88760877A1", "FEDORA:58BAF60A0C7C", "FEDORA:5CE3E6118DC1", "FEDORA:821736164C16", "FEDORA:955A2608A1F0", "FEDORA:997B660D68A4", "FEDORA:C4B9C600DD15", "FEDORA:D0DE56087498", "FEDORA:D241A60EFAEF", "FEDORA:DDD696087CE5", "FEDORA:E2E6921BA7", "FEDORA:E67696087B8D", "FEDORA:EC00C6087D62"]}, {"type": "fortinet", "idList": ["FG-IR-14-031", "FG-IR-16-012"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF", "03532A19-D68E-11E6-9171-14DAE9D210B8", "075952FE-267E-11E5-9D03-3C970E169BC2", "0DAD9114-60CC-11E4-9E84-0022156E8794", "10F7BC76-0335-4A88-B391-0B05B3A8CE1C", "29083F8E-2CA8-11E5-86FF-14DAE9D210B8", "2EEBEBFF-CD3B-11E2-8F09-001B38C3836C", "3679FD10-C5D1-11E5-B85F-0018FE623F2B", "3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "4EAE4F46-B5CE-11E5-8A2B-D050996490D0", "5237F5D7-C020-11E5-B397-D050996490D0", "5B74A5BC-348F-11E5-BA05-C80AA9043978", "6D33B3E5-EA03-11E5-85BE-14DAE9D210B8", "75091516-6F4B-4059-9884-6727023DC366", "8305E215-1080-11E5-8BA2-000C2980A9F3", "8C2B2F11-0EBE-11E6-B55E-B499BAEBFEAF", "A8EC4DB7-A398-11E5-85E9-14DAE9D210B8", "C4A18A12-77FC-11E5-A687-206A8A720317", "E05BFC92-0763-11E6-94FA-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201405-07", "GLSA-201411-10", "GLSA-201506-02", "GLSA-201601-05", "GLSA-201605-06"]}, {"type": "githubexploit", "idList": ["2ED15233-2A01-53F8-A939-8A4D06481CF4", "B41082A1-4177-53E2-A74C-8ABA13AA3E86"]}, {"type": "hackerone", "idList": ["H1:119808", "H1:134880", "H1:50170", "H1:73241"]}, {"type": "hp", "idList": ["HP:C04451722"]}, {"type": "httpd", "idList": ["HTTPD:E07AEA8765BD0F6E15AAD496A2714564"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20150226-01-GLIBC", "HUAWEI-SA-20150919-01-RC4"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "065C6267E33F60E263D9B7F689F432B3413883F6EF7A0BE4EDF4BB598847FCFA", "0C850FECD02720FE8E127F730E7172757B14E40919BABE4F7D431689A5B199DB", "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "11850D4935C59F6F9B6E5C5A80BAF8C5490B646F230553654E07EC29A53AE9E3", "12D9F191717460AECB934B007F4CDE9698A96A4B8B98144C3F39DD87E57929EA", "13A0372B23AE8A4E68139CD880DEBEEBDC7987A59621CA5160456B358686AF73", "159D15015A041EA5EFA6FE85663F44A48D3FD8F7BFC0631512B9DEB34EB3436A", "160974CCBC12FDC44262159FC9737359086DF0317D260FA132DE5D77C6CF279E", "1881A1204BADBD9BD522A6CFF2A910C20362A745FD9338022BAA1FF39E57D778", "2287B7930359AFE1373993C3806D5B58E0203D7B34173EF0EFB1D583985E57C6", "30F31D61B76815116E40D478A4FF3D7F4375DE5C3DE9AF0D9789BB84723A1B12", "3309187D4E18CA64FBA2802831081F87C606EFBA57F3B4C747B9B13ECD265CE1", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "35E8926C22ED4C3243C1B5C02680DD61921D50FF6BE976433A3D51EB64E6BBB8", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "38BC00D7FF3545C436AC4533805630DD0B45CDB4B97F36F6ADAE8817F3A655C7", "39363AED3B9BDDB49D0C52F0CDFC81C967AD700C9C11C5FCBC2F96F1F4C99487", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "3B11861A1C6A1658F4CCA0857EFB445DDD388E749F390CC0A61C823304AEAB17", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "527B5E90CAB7DAC1C518A59BF77CDE34841C309262297FB18D36716B2A007A6D", "5455A5366A120EFE046B191CE85A7EAC26F1620B600AC84C31362DD48C43453F", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "583218C6793673348464B4CA7ABCE493024F93CE8CBCA8C1FBCC2992D3BDC40A", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5CAC33E06E2C656A8F0F2B3DD8616A6C1527F08B2D322F61DBC7614925A11B76", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "6DF3814722A33BAC4382EFDB9DF33B5A2FFEA62B91E068C5925CD8FDD7EED52D", "721E6575EC4195C159F3DFAD38C6122D1576DA30768EE56292CD196BFE358988", "7545FC6960BC08536BD63AD777890D26CE8FBACF18C55DCC74C636085DAC612B", "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "787C1621D06EE465998FEBEFA80BA8B6DAEC2388BAF60D434FCE4B04471920AA", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "7AEFC9814578EA5DC2EFFAE9F289D2307A840D9868EE8B6CED3F1E668F7010FC", "7B815188E16C52B322DD4246EBAB0FC7BA3EDE14D3D566E6B024A1EA3CA43349", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7FFC9D02CF4E41D82C797DF64C1AB3F317232B978DF318282845098228C6A4EE", "80CE5AE28CB63EA9C59DCD3341ADFAF9A6896143362A5AFED51EA3A67C5B5A29", "82DCDA96004A5FA5D49A7CFE54A99D1CD5DD4735B6B568B1A2432924A113F1A6", "840E0B75D9A525859E6D257E20A9FBDAABF9390C554A5CEE157B1DD3B19422FA", "8600D4FE1C84EFD70C8C1A94E48F4DDFC42B18B82D5F8C7EE6D12E22048B63B3", "86569DC1304F95D744865045A81A6FAA23B9E1424022D3523E5E95B8B420B3BA", "8976330D24BA16C6597AF93C67C2A46121ECFA13975E064BAC48376E8563DA89", "8B8C66A4898A077124BBB8B80AF8131F97AB4CE33B457487C6EF966698FD1EC8", "8D32D1F194329BA56AB2404AB16F06BCF8F5CE6BEC3C715F218ECA7ABBA7D4D9", "937053D178A403D90ADE669A574517EC3D828AFADB2ABAAF335EADA26FB2E061", "964EDC6CD9B7F054F4C96F9A72758F0466AA9B78A7A3E8AA96F516DFD1AB1CFD", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "A01095B85130C6F3590205F9C223B6445272B68D08E6AB6E74247C45E91CE8A8", "A088E95B8F348168E2F9D59616CC8FEE986938DDF7C70A389A1EB3505D55DCA3", "A5EE6903D383C042ADBB5FEF76C2F60C5F1B6BFAAA0ABAB88DC4660244B7AED4", "A7D9F0241BE2D9397AAE8F1DD88653C257DBC2B8DC7B78A8F90BC6A60F559255", "A940972EE8C6FDFEAA789156E684C0D5729686CEDFD51FCF6C875BE8FF25FBF6", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AB1990CCF9D6A307BC98A44FDCD73837D64D583DA165615A5EAB1AC9A7D0F3F2", "AEC322D7B231A41EB50B885093083A12F434B90088B8332217FF86B6AE09FCAB", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "B180B820F6F3D6EDAC7172E78991F02AFB09886A95FE4CB55E9318F8D116CF4C", "B3921AD53237CD309893EF9A4039A94178B245A6C3604A14153D2DAE483A41EC", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "BBAF4A8874B4E6550EACD53B3B3956D87F91956BE43B6AC0570EF1AE5320225C", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C1DB9DF00AB208BADC001393BCFE99FE4AD1B2C7C68488061EC684A276D26990", "C83F675C530B12620988F0C65F58B32931125E0012C4B7C771823623ECB73255", "CC1A30E8E2330D238749CFFBD49D7E9838BBE1BEFE625CE5C43D437242EE4573", "D25E542BA06847406F0771CE578D65B5B33DC2B6075998991AD1E4B5FFA08DF6", "D453C632FF9EC3087898B06E3DFD86A6FE0EFBF4D9E74F1A54E4DB3CBADA0D49", "D4C14A34EC1B00D3147200FDC14C4DDC167ED501429795B352A596233DEA1967", "DF89B2395C4DB15E1FF631A136BB1301E179B1A5D4A2BF72B8D0EF9E4A730437", "E8D1954E7F4E50A7F1CC861CDAF69D1A363FA2EE425AF143C971F230E8015C10", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F5D69384E79508ECF3D6B7C440049FE6823228F992C7519603AA316546A8DE60", "F6AFA8ACEF585CD43E06DE7164EBB8240A1255197762E88CB2BA50823C840FA9", "F98C6B1EAC8D235F19136FBD257D2C504AAE6912C5BCB9B73AE39565E359364A", "FAA2B691DD1E76E786CADE53CD8A2391FDC6BE6F5B14624181F6008CE76C4E36", "FBF8D5380A8667F5D239F868F077DAD8E14459BF18DCA6E0C2C65E35815C9F4A", "FC6C4426C76B592E968FD3C9EA26406E90FB3C95C30F68EC9CCD547D24485997", "FE0CD9D782041746DBFBA9DFD5A169C98E21DF40D5DB566AD15D9898EFE9D6E4"]}, {"type": "ics", "idList": ["ICSA-21-159-11"]}, {"type": "intothesymmetry", "idList": ["INTOTHESYMMETRY:E90923CAE21ADFC423A96B462BCBC0DF"]}, {"type": "jvn", "idList": ["JVN:61247051"]}, {"type": "kaspersky", "idList": ["KLA10382", "KLA10689", "KLA10748", "KLA10848"]}, {"type": "kitploit", "idList": ["KITPLOIT:6372579284509577146"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/SSL_VERSION", "MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_GHOST_SCANNER", "MSF:AUXILIARY/SCANNER/SSL/OPENSSL_CCS", "MSF:EXPLOIT/LINUX/HTTP/STRUTS_DMI_EXEC", "MSF:EXPLOIT/MULTI/HTTP/STRUTS_DMI_EXEC", "MSF:ILITIES/AIX-5.3-JAVA_APRIL2015_ADVISORY_CVE-2015-0204/", "MSF:ILITIES/AIX-5.3-OPENSSL_ADVISORY12_CVE-2014-3571/", "MSF:ILITIES/AIX-5.3-OPENSSL_ADVISORY12_CVE-2014-8275/", "MSF:ILITIES/AMAZON_LINUX-CVE-2017-3738/", "MSF:ILITIES/HPSMH-CVE-2014-0224/", "MSF:ILITIES/IBM-HTTP_SERVER-CVE-2017-3732/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2014-3571/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2017-3738/", "MSF:ILITIES/REDHAT_LINUX-CVE-2015-5195/", "MSF:ILITIES/REDHAT_LINUX-CVE-2015-7701/", "MSF:ILITIES/SUSE-CVE-2015-7855/", "MSF:ILITIES/SUSE-CVE-2017-3738/"]}, {"type": "mozilla", "idList": ["MFSA2013-103", "MFSA2016-15"]}, {"type": "mscve", "idList": ["MS:ADV160006"]}, {"type": "myhack58", "idList": ["MYHACK58:62201891264"]}, {"type": "n0where", "idList": ["N0WHERE:172575"]}, {"type": "nessus", "idList": ["700650.PRM", "801936.PRM", "9075.PRM", "9198.PRM", "9252.PRM", "9309.PRM", "AIX_IV73319.NASL", "AIX_IV73419.NASL", "AIX_IV75646.NASL", "AIX_IV82328.NASL", "AIX_IV82331.NASL", "AIX_IV86116.NASL", "AIX_IV86117.NASL", "AIX_JAVA_JULY2016_ADVISORY.NASL", "AIX_NTP_V4_ADVISORY5.NASL", "AIX_NTP_V4_ADVISORY6.NASL", "AIX_OPENSSL_ADVISORY20.NASL", "AIX_OPENSSL_ADVISORY9.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2015-472.NASL", "ALA_ALAS-2015-569.NASL", "ALA_ALAS-2015-570.NASL", "ALA_ALAS-2015-578.NASL", "ALA_ALAS-2015-607.NASL", "ALA_ALAS-2016-643.NASL", "ALA_ALAS-2016-695.NASL", "ALA_ALAS-2016-708.NASL", "ALA_ALAS-2016-713.NASL", "ALA_ALAS-2016-723.NASL", "ALA_ALAS-2016-729.NASL", "ALA_ALAS-2016-737.NASL", "ALA_ALAS-2016-738.NASL", "BLUECOAT_PROXY_SG_6_2_15_6.NASL", "BLUECOAT_PROXY_SG_6_5_4_4.NASL", "CENTOS_RHSA-2014-1652.NASL", "CENTOS_RHSA-2015-1229.NASL", "CENTOS_RHSA-2015-1230.NASL", "CENTOS_RHSA-2015-1526.NASL", "CENTOS_RHSA-2015-1664.NASL", "CENTOS_RHSA-2015-1930.NASL", "CENTOS_RHSA-2015-1981.NASL", "CENTOS_RHSA-2015-2552.NASL", "CENTOS_RHSA-2016-0053.NASL", "CENTOS_RHSA-2016-0054.NASL", "CENTOS_RHSA-2016-1137.NASL", "CENTOS_RHSA-2016-1138.NASL", "CENTOS_RHSA-2016-1139.NASL", "CENTOS_RHSA-2016-1140.NASL", "CENTOS_RHSA-2016-1458.NASL", "CENTOS_RHSA-2016-1504.NASL", "CENTOS_RHSA-2016-1776.NASL", "CHECK_POINT_GAIA_SK103683.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "CISCO-SA-20150128-GHOST-IOSXE_NOVA.NASL", "CISCO-SA-20150310-SSL-NXOS.NASL", "CISCO-SA-20150710-OPENSSL-VSG.NASL", "CISCO_ANYCONNECT_3_1_7021.NASL", "CISCO_ASA_CSCUP22532.NASL", "CISCO_JABBER_CLIENT_CSCUP23913.NASL", "CITRIX_XENSERVER_CTX212736.NASL", "DB2_105FP7_WIN.NASL", "DEBIAN_DLA-157.NASL", "DEBIAN_DLA-247.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-284.NASL", "DEBIAN_DLA-335.NASL", "DEBIAN_DLA-421.NASL", "DEBIAN_DLA-456.NASL", "DEBIAN_DLA-478.NASL", "DEBIAN_DLA-579.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3125.NASL", "DEBIAN_DSA-3300.NASL", "DEBIAN_DSA-3325.NASL", "DEBIAN_DSA-3336.NASL", "DEBIAN_DSA-3457.NASL", "DEBIAN_DSA-3566.NASL", "DEBIAN_DSA-3641.NASL", "F5_BIGIP_SOL05046514.NASL", "F5_BIGIP_SOL12824341.NASL", "F5_BIGIP_SOL14638.NASL", "F5_BIGIP_SOL16135.NASL", "F5_BIGIP_SOL16674.NASL", "F5_BIGIP_SOL16864.NASL", "F5_BIGIP_SOL31372672.NASL", "F5_BIGIP_SOL33209124.NASL", "F5_BIGIP_SOL44512851.NASL", "F5_BIGIP_SOL95463126.NASL", "FEDORA_2013-9070.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2015-0601.NASL", "FEDORA_2015-10047.NASL", "FEDORA_2015-11475.NASL", "FEDORA_2015-115C302856.NASL", "FEDORA_2015-11792.NASL", "FEDORA_2015-394835A3F6.NASL", "FEDORA_2015-77BFBC1BCD.NASL", "FEDORA_2015-F150B2A8C8.NASL", "FEDORA_2016-05C567DF1A.NASL", "FEDORA_2016-1411324654.NASL", "FEDORA_2016-1E39D934ED.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-2802690366.NASL", "FEDORA_2016-5B2EB0BF9C.NASL", "FEDORA_2016-777D838C1B.NASL", "FEDORA_2016-8BB1932088.NASL", "FEDORA_2016-D717FDCF74.NASL", "FEDORA_2016-E6807B3394.NASL", "FEDORA_2016-ED8C6C0426.NASL", "FEDORA_2017-9899ABA20E.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_3679FD10C5D111E5B85F0018FE623F2B.NASL", "FREEBSD_PKG_67B3FEF22BEA11E586FF14DAE9D210B8.NASL", "FREEBSD_PKG_6D33B3E5EA0311E585BE14DAE9D210B8.NASL", "FREEBSD_PKG_E05BFC92076311E694FA002590263BF5.NASL", "FREEBSD_PKG_F9C388C5A25611E4992A7B2A515A1247.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201512-10.NASL", "GENTOO_GLSA-201603-15.NASL", "GENTOO_GLSA-201610-02.NASL", "GENTOO_GLSA-201706-18.NASL", "GENTOO_GLSA-201801-15.NASL", "HPSMH_7_3_3_1.NASL", "HPSMH_7_5_5.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL", "IBM_TEM_9_1_1117_0.NASL", "JBOSS_JAVA_SERIALIZE.NASL", "LIBREOFFICE_423.NASL", "MACOSX_FIREFOX_38_4_ESR.NASL", "MACOSX_SECUPD2015-001.NASL", "MACOSX_SECUPD2015-005.NASL", "MACOSX_SERVER_4_0.NASL", "MACOSX_VMWARE_OVFTOOL_VMSA_2014_0006.NASL", "MANDRIVA_MDVSA-2012-128.NASL", "MANDRIVA_MDVSA-2013-032.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MANDRIVA_MDVSA-2015-019.NASL", "MARIADB_10_0_25.NASL", "MARIADB_10_1_14.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL", "MOZILLA_THUNDERBIRD_38_4.NASL", "MYSQL_5_5_50.NASL", "MYSQL_5_5_50_RPM.NASL", "MYSQL_5_6_27_RPM.NASL", "MYSQL_5_6_31.NASL", "MYSQL_5_6_31_RPM.NASL", "MYSQL_5_7_13.NASL", "MYSQL_5_7_13_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_6_7959.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_2_1075.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "OPENSSL_0_9_8ZH.NASL", "OPENSSL_1_0_0M.NASL", "OPENSSL_1_0_1S.NASL", "OPENSSL_1_0_2E.NASL", "OPENSUSE-2014-671.NASL", "OPENSUSE-2015-446.NASL", "OPENSUSE-2015-447.NASL", "OPENSUSE-2015-474.NASL", "OPENSUSE-2015-767.NASL", "OPENSUSE-2015-84.NASL", "OPENSUSE-2015-889.NASL", "OPENSUSE-2015-908.NASL", "OPENSUSE-2015-978.NASL", "OPENSUSE-2016-104.NASL", "OPENSUSE-2016-1087.NASL", "OPENSUSE-2016-288.NASL", "OPENSUSE-2016-561.NASL", "OPENSUSE-2016-562.NASL", "OPENSUSE-2016-564.NASL", "OPENSUSE-2016-575.NASL", "OPENSUSE-2016-59.NASL", "OPENSUSE-2016-944.NASL", "OPENSUSE-2016-976.NASL", "OPENSUSE-2016-977.NASL", "OPENSUSE-2016-978.NASL", "OPENSUSE-2016-982.NASL", "OPENSUSE-2017-561.NASL", "ORACLELINUX_ELSA-2015-0068.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2015-1228.NASL", "ORACLELINUX_ELSA-2015-1230.NASL", "ORACLELINUX_ELSA-2015-1668.NASL", "ORACLELINUX_ELSA-2015-2522.NASL", "ORACLELINUX_ELSA-2015-3107.NASL", "ORACLELINUX_ELSA-2016-0012.NASL", "ORACLELINUX_ELSA-2016-1137.NASL", "ORACLELINUX_ELSA-2016-1138.NASL", "ORACLELINUX_ELSA-2016-1139.NASL", "ORACLELINUX_ELSA-2016-1140.NASL", "ORACLELINUX_ELSA-2016-1458.NASL", "ORACLELINUX_ELSA-2016-1504.NASL", "ORACLELINUX_ELSA-2016-1602.NASL", "ORACLELINUX_ELSA-2016-1776.NASL", "ORACLELINUX_ELSA-2016-3576.NASL", "ORACLEVM_OVMSA-2014-0039.NASL", "ORACLEVM_OVMSA-2015-0070.NASL", "ORACLEVM_OVMSA-2015-0155.NASL", "ORACLEVM_OVMSA-2016-0065.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2015.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2016.NASL", "ORACLE_EIDS_CPU_OCT_2014.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JROCKIT_CPU_JUL_2016.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2016_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2014_CPU.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2018.NBIN", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2016.NASL", "PALO_ALTO_PAN-SA-2014-0003.NASL", "PALO_ALTO_PAN-SA-2016-0027_REMOTE.NASL", "PCI_WEAK_DH_UNDER_2048.NASL", "PFSENSE_SA-16_04.NASL", "PHP_5_4_38.NASL", "PHP_5_5_22.NASL", "PHP_5_6_6.NASL", "PIVOTAL_WEBSERVER_5_4_1.NASL", "REDHAT-RHSA-2014-0626.NASL", "REDHAT-RHSA-2014-0629.NASL", "REDHAT-RHSA-2014-0679.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2015-0086.NASL", "REDHAT-RHSA-2015-0099.NASL", "REDHAT-RHSA-2015-0264.NASL", "REDHAT-RHSA-2015-0698.NASL", "REDHAT-RHSA-2015-1021.NASL", "REDHAT-RHSA-2015-1197.NASL", "REDHAT-RHSA-2015-1230.NASL", "REDHAT-RHSA-2015-1243.NASL", "REDHAT-RHSA-2015-1545.NASL", "REDHAT-RHSA-2015-1980.NASL", "REDHAT-RHSA-2015-2520.NASL", "REDHAT-RHSA-2015-2540.NASL", "REDHAT-RHSA-2015-2552.NASL", "REDHAT-RHSA-2016-0012.NASL", "REDHAT-RHSA-2016-0053.NASL", "REDHAT-RHSA-2016-0056.NASL", "REDHAT-RHSA-2016-0101.NASL", "REDHAT-RHSA-2016-1137.NASL", "REDHAT-RHSA-2016-1138.NASL", "REDHAT-RHSA-2016-1139.NASL", "REDHAT-RHSA-2016-1140.NASL", "REDHAT-RHSA-2016-1141.NASL", "REDHAT-RHSA-2016-1458.NASL", "REDHAT-RHSA-2016-1475.NASL", "REDHAT-RHSA-2016-1476.NASL", "REDHAT-RHSA-2016-1477.NASL", "REDHAT-RHSA-2016-1504.NASL", "REDHAT-RHSA-2016-1587.NASL", "REDHAT-RHSA-2016-1588.NASL", "REDHAT-RHSA-2016-1589.NASL", "REDHAT-RHSA-2016-1776.NASL", "REDHAT-RHSA-2017-1216.NASL", "REDHAT-RHSA-2018-2575.NASL", "SECURITYCENTER_OPENSSL_1_0_1Q.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SLACKWARE_SSA_2015-198-01.NASL", "SLACKWARE_SSA_2015-302-03.NASL", "SLACKWARE_SSA_2015-310-02.NASL", "SLACKWARE_SSA_2016-062-02.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20150413_OPENSSL_ON_SL5_X.NASL", "SL_20150715_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150824_HTTPD_ON_SL6_X.NASL", "SL_20151119_OPENSSH_ON_SL7_X.NASL", "SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20160531_NTP_ON_SL6_X.NASL", "SL_20160531_OPENSSL_ON_SL5_X.NASL", "SL_20160531_SQUID34_ON_SL6_X.NASL", "SL_20160531_SQUID_ON_SL6_X.NASL", "SL_20160531_SQUID_ON_SL7_X.NASL", "SL_20160720_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160727_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20160804_SQUID_ON_SL6_X.NASL", "SL_20160826_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SOLARIS11_XORG_20130924.NASL", "SOLARIS_JUL2016_SRU11_2_14_5_0.NASL", "SOLARIS_JUL2016_SRU11_3_10_5_0.NASL", "SOLARIS_JUL2016_SRU11_3_9_4_0.NASL", "SPLUNK_5011.NASL", "SPLUNK_618.NASL", "SPLUNK_622.NASL", "SPLUNK_625.NASL", "STRUTS_2_3_28_1_WIN_LOCAL.NASL", "SUN_JAVA_WEB_SERVER_7_0_23.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_BASH-8217.NASL", "SUSE_SU-2014-1524-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2015-0974-1.NASL", "SUSE_SU-2015-1143-1.NASL", "SUSE_SU-2015-1161-1.NASL", "SUSE_SU-2015-1177-2.NASL", "SUSE_SU-2015-1181-2.NASL", "SUSE_SU-2015-1184-2.NASL", "SUSE_SU-2015-1547-2.NASL", "SUSE_SU-2015-1926-1.NASL", "SUSE_SU-2015-2168-1.NASL", "SUSE_SU-2015-2339-1.NASL", "SUSE_SU-2016-0256-1.NASL", "SUSE_SU-2016-0265-1.NASL", "SUSE_SU-2016-0269-1.NASL", "SUSE_SU-2016-0584-1.NASL", "SUSE_SU-2016-0617-1.NASL", "SUSE_SU-2016-0727-1.NASL", "SUSE_SU-2016-0777-1.NASL", "SUSE_SU-2016-1228-1.NASL", "SUSE_SU-2016-1233-1.NASL", "SUSE_SU-2016-1360-1.NASL", "SUSE_SU-2016-1997-1.NASL", "SUSE_SU-2016-2012-1.NASL", "SUSE_SU-2016-2147-1.NASL", "SUSE_SU-2016-2385-1.NASL", "TENABLE_OT_SIEMENS_CVE-2014-0224.NASL", "UBUNTU_USN-2031-1.NASL", "UBUNTU_USN-2656-1.NASL", "UBUNTU_USN-2706-1.NASL", "UBUNTU_USN-2783-1.NASL", "UBUNTU_USN-2785-1.NASL", "UBUNTU_USN-2840-1.NASL", "UBUNTU_USN-2842-2.NASL", "UBUNTU_USN-2843-1.NASL", "UBUNTU_USN-2843-2.NASL", "UBUNTU_USN-2863-1.NASL", "UBUNTU_USN-2914-1.NASL", "UBUNTU_USN-2959-1.NASL", "UBUNTU_USN-3043-1.NASL", "UBUNTU_USN-3062-1.NASL", "VIRTUALBOX_5_0_26.NASL", "VMWARE_ESXI_5_0_BUILD_1918656_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_VCENTER_CONVERTER_2014-0006.NASL", "VMWARE_VCENTER_OPERATIONS_MANAGER_VMSA_2014-0006.NASL", "VMWARE_VMSA-2015-0001.NASL", "VMWARE_WORKSTATION_LINUX_10_0_3.NASL", "VSPHERE_CLIENT_VMSA_2014-0006.NASL", "WEBLOGIC_2016_3510.NASL", "WEBSPHERE_8_5_5_4.NASL", "XEROX_XRX15AJ.NASL", "XEROX_XRX15AP.NASL", "XEROX_XRX15R.NASL"]}, {"type": "nmap", "idList": ["NMAP:SSL-DH-PARAMS.NSE"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-0224", "OPENSSL:CVE-2014-3569", "OPENSSL:CVE-2015-1788", "OPENSSL:CVE-2015-1792", "OPENSSL:CVE-2016-0800"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105043", "OPENVAS:1361412562310105158", "OPENVAS:1361412562310105188", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310105202", "OPENVAS:1361412562310105368", "OPENVAS:1361412562310105608", "OPENVAS:1361412562310105679", "OPENVAS:1361412562310105691", "OPENVAS:1361412562310106412", "OPENVAS:1361412562310120034", "OPENVAS:1361412562310120044", "OPENVAS:1361412562310120063", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120289", "OPENVAS:1361412562310120310", "OPENVAS:1361412562310120494", "OPENVAS:1361412562310120651", "OPENVAS:1361412562310121379", "OPENVAS:1361412562310122721", "OPENVAS:1361412562310122725", "OPENVAS:1361412562310122727", "OPENVAS:1361412562310122744", "OPENVAS:1361412562310122797", "OPENVAS:1361412562310122806", "OPENVAS:1361412562310122821", "OPENVAS:1361412562310122856", "OPENVAS:1361412562310123022", "OPENVAS:1361412562310123080", "OPENVAS:1361412562310123090", "OPENVAS:1361412562310123099", "OPENVAS:1361412562310123107", "OPENVAS:1361412562310123178", "OPENVAS:1361412562310123197", "OPENVAS:1361412562310131137", "OPENVAS:1361412562310131177", "OPENVAS:1361412562310140116", "OPENVAS:1361412562310140127", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703287", "OPENVAS:1361412562310703325", "OPENVAS:1361412562310703339", "OPENVAS:1361412562310703413", "OPENVAS:1361412562310703414", "OPENVAS:1361412562310703465", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310703500", "OPENVAS:1361412562310805188", "OPENVAS:1361412562310805676", "OPENVAS:1361412562310805913", "OPENVAS:1361412562310805914", "OPENVAS:1361412562310806018", "OPENVAS:1361412562310806551", "OPENVAS:1361412562310806651", "OPENVAS:1361412562310806675", "OPENVAS:1361412562310806744", "OPENVAS:1361412562310806746", "OPENVAS:1361412562310807097", "OPENVAS:1361412562310807227", "OPENVAS:1361412562310807351", "OPENVAS:1361412562310807460", "OPENVAS:1361412562310807809", "OPENVAS:1361412562310807963", "OPENVAS:1361412562310808259", "OPENVAS:1361412562310808568", "OPENVAS:1361412562310831716", "OPENVAS:1361412562310841843", "OPENVAS:1361412562310841867", "OPENVAS:1361412562310841933", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842277", "OPENVAS:1361412562310842513", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310842565", "OPENVAS:1361412562310842597", "OPENVAS:1361412562310842620", "OPENVAS:1361412562310842630", "OPENVAS:1361412562310842729", "OPENVAS:1361412562310842905", "OPENVAS:1361412562310850621", "OPENVAS:1361412562310850825", "OPENVAS:1361412562310850839", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310851032", "OPENVAS:1361412562310851094", "OPENVAS:1361412562310851167", "OPENVAS:1361412562310851168", "OPENVAS:1361412562310851174", "OPENVAS:1361412562310851176", "OPENVAS:1361412562310851379", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310868604", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310869125", "OPENVAS:1361412562310869508", "OPENVAS:1361412562310869789", "OPENVAS:1361412562310869816", "OPENVAS:1361412562310869875", "OPENVAS:1361412562310869959", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871300", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310871376", "OPENVAS:1361412562310871392", "OPENVAS:1361412562310871434", "OPENVAS:1361412562310871506", "OPENVAS:1361412562310871520", "OPENVAS:1361412562310871524", "OPENVAS:1361412562310871529", "OPENVAS:1361412562310871547", "OPENVAS:1361412562310871626", "OPENVAS:1361412562310871642", "OPENVAS:1361412562310871685", "OPENVAS:1361412562310881946", "OPENVAS:1361412562310882063", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882106", "OPENVAS:1361412562310882108", "OPENVAS:1361412562310882210", "OPENVAS:1361412562310882225", "OPENVAS:1361412562310882237", "OPENVAS:1361412562310882256", "OPENVAS:1361412562310882310", "OPENVAS:1361412562310882314", "OPENVAS:1361412562310882316", "OPENVAS:1361412562310882339", "OPENVAS:1361412562310882340", "OPENVAS:1361412562310882342", "OPENVAS:1361412562310882356", "OPENVAS:1361412562310882363", "OPENVAS:1361412562310882371", "OPENVAS:1361412562310882412", "OPENVAS:1361412562310882449", "OPENVAS:1361412562310882476", "OPENVAS:1361412562310882486", "OPENVAS:1361412562310882543", "OPENVAS:1361412562310882549", "OPENVAS:1361412562311220171125", "OPENVAS:1361412562311220191388", "OPENVAS:1361412562311220191547", "OPENVAS:702950", "OPENVAS:703125", "OPENVAS:703253", "OPENVAS:703336", "OPENVAS:703406", "OPENVAS:703414", "OPENVAS:703457", "OPENVAS:703465", "OPENVAS:703688"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000007"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUJAN2016", "ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0625", "ELSA-2014-1652", "ELSA-2015-0067", "ELSA-2015-0085", "ELSA-2015-1072", "ELSA-2015-1668", "ELSA-2015-2521", "ELSA-2015-2522", "ELSA-2015-2552", "ELSA-2015-2671", "ELSA-2016-0685", "ELSA-2016-1137", "ELSA-2016-1138", "ELSA-2016-1139", "ELSA-2016-1140", "ELSA-2016-1458", "ELSA-2016-1504", "ELSA-2016-1776", "ELSA-2016-2583", "ELSA-2016-3571"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:117503", "PACKETSTORM:134250"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0027"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2014:0625", "RHSA-2014:0626", "RHSA-2014:0627", "RHSA-2014:0679", "RHSA-2014:1652", "RHSA-2015:0069", "RHSA-2015:0080", "RHSA-2015:0698", "RHSA-2015:1006", "RHSA-2015:1007", "RHSA-2015:1241", "RHSA-2015:1545", "RHSA-2015:1981", "RHSA-2015:2500", "RHSA-2015:2517", "RHSA-2015:2521", "RHSA-2015:2522", "RHSA-2015:2523", "RHSA-2015:2534", "RHSA-2015:2535", "RHSA-2015:2536", "RHSA-2015:2540", "RHSA-2015:2557", "RHSA-2015:2617", "RHSA-2015:2671", "RHSA-2016:0012", "RHSA-2016:0050", "RHSA-2016:0055", "RHSA-2016:0099", "RHSA-2016:0445", "RHSA-2016:0996", "RHSA-2016:1137", "RHSA-2016:1139", "RHSA-2016:1140", "RHSA-2016:1430", "RHSA-2016:1552", "RHSA-2016:1589", "RHSA-2016:1602", "RHSA-2018:2568", "RHSA-2018:2575"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1181", "RH:CVE-2016-2105", "RH:CVE-2016-3440", "RH:CVE-2016-3501", "RH:CVE-2018-7184", "RH:CVE-2021-4160"]}, {"type": "saint", "idList": ["SAINT:3C8676675136ED40AD965CF40F5B034D", "SAINT:C0B4D5468890CF90769399ACED5F1513"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29233", "SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31790", "SECURITYVULNS:DOC:32203", "SECURITYVULNS:VULN:13089", "SECURITYVULNS:VULN:13544", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14333", "SECURITYVULNS:VULN:14573", "SECURITYVULNS:VULN:14697"]}, {"type": "seebug", "idList": ["SSV:96708"]}, {"type": "slackware", "idList": ["SSA-2015-028-01", "SSA-2015-190-01", "SSA-2015-349-01"]}, {"type": "srcincite", "idList": ["SRC-2016-0024", "SRC-2016-0025"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:0162-1", "OPENSUSE-SU-2015:1139-1", "OPENSUSE-SU-2016:0226-1", "OPENSUSE-SU-2016:0268-1", "OPENSUSE-SU-2016:0272-1", "OPENSUSE-SU-2016:1237-1", "OPENSUSE-SU-2016:1238-1", "OPENSUSE-SU-2016:1240-1", "OPENSUSE-SU-2016:1242-1", "OPENSUSE-SU-2016:1243-1", "OPENSUSE-SU-2016:2050-1", "OPENSUSE-SU-2016:2051-1", "OPENSUSE-SU-2016:2052-1", "OPENSUSE-SU-2016:2058-1", "OPENSUSE-SU-2016:2769-1", "SUSE-SU-2014:0759-1", "SUSE-SU-2014:0761-1", "SUSE-SU-2014:1549-1", "SUSE-SU-2015:0344-1", "SUSE-SU-2015:0946-1", "SUSE-SU-2015:1086-3", "SUSE-SU-2015:1161-1", "SUSE-SU-2015:1181-1", "SUSE-SU-2015:1181-2", "SUSE-SU-2015:1182-2", "SUSE-SU-2015:1183-1", "SUSE-SU-2015:1183-2", "SUSE-SU-2015:1184-2", "SUSE-SU-2015:1269-1", "SUSE-SU-2015:1981-1", "SUSE-SU-2015:2168-2", "SUSE-SU-2016:0262-1", "SUSE-SU-2016:0390-1", "SUSE-SU-2016:0399-1", "SUSE-SU-2016:0401-1", "SUSE-SU-2016:0641-1", "SUSE-SU-2016:1175-1", "SUSE-SU-2016:1206-1", "SUSE-SU-2016:1228-1", "SUSE-SU-2016:1231-1", "SUSE-SU-2016:1233-1", "SUSE-SU-2016:1291-1", "SUSE-SU-2016:1311-1", "SUSE-SU-2016:1457-1", "SUSE-SU-2016:1997-1", "SUSE-SU-2016:2012-1", "SUSE-SU-2016:2261-1", "SUSE-SU-2017:3343-1"]}, {"type": "symantec", "idList": ["SMNTC-1337", "SMNTC-1338", "SMNTC-1344"]}, {"type": "talos", "idList": ["TALOS-2016-0082", "TALOS-2016-0084", "TALOS-2016-0156"]}, {"type": "thn", "idList": ["THN:A649F4ABCE9B99052139693A13D95B14", "THN:ACBFC80659E47A5B7C81B99570749679", "THN:D2B91981A95FA63440BEC1909D1FAE82"]}, {"type": "threatpost", "idList": ["THREATPOST:54145B143BF11C716167531924DBD4F1", "THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:A5161FD8579FC8D6BD28F429682A17F9"]}, {"type": "ubuntu", "idList": ["USN-2032-1", "USN-2487-1", "USN-2686-1", "USN-2696-1", "USN-2710-2", "USN-2840-1", "USN-2844-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3566", "UB:CVE-2014-3569", "UB:CVE-2015-0205", "UB:CVE-2015-1788", "UB:CVE-2015-1791", "UB:CVE-2015-3183", "UB:CVE-2015-3237", "UB:CVE-2015-5600", "UB:CVE-2015-7704", "UB:CVE-2016-0702", "UB:CVE-2016-1550", "UB:CVE-2016-3500", "UB:CVE-2016-3615"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2015-0001.2"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:1430"]}, {"type": "xen", "idList": ["XSA-156"]}, {"type": "zdi", "idList": ["ZDI-15-365", "ZDI-16-441", "ZDI-16-442", "ZDI-16-443", "ZDI-16-444", "ZDI-16-445", "ZDI-16-446", "ZDI-16-447", "ZDI-16-448"]}, {"type": "zdt", "idList": ["1337DAY-ID-23215", "1337DAY-ID-23861", "1337DAY-ID-25234", "1337DAY-ID-25410"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2012-3137", "epss": "0.053700000", "percentile": "0.918960000", "modified": "2023-03-20"}, {"cve": "CVE-2012-3410", "epss": "0.000420000", "percentile": "0.056360000", "modified": "2023-03-19"}, {"cve": "CVE-2013-2064", "epss": "0.004870000", "percentile": "0.723020000", "modified": "2023-03-19"}, {"cve": "CVE-2013-2566", "epss": "0.005360000", "percentile": "0.736290000", "modified": "2023-03-19"}, {"cve": "CVE-2014-0224", "epss": "0.975390000", "percentile": "0.999840000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3566", "epss": "0.975070000", "percentile": "0.999610000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3569", "epss": "0.929860000", "percentile": "0.984560000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3570", "epss": "0.009030000", "percentile": "0.803080000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3571", "epss": "0.809750000", "percentile": "0.977570000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3572", "epss": "0.008800000", "percentile": "0.800240000", "modified": "2023-03-19"}, {"cve": "CVE-2014-8275", "epss": "0.010560000", "percentile": "0.818070000", "modified": "2023-03-19"}, {"cve": "CVE-2014-9708", "epss": "0.027600000", "percentile": "0.889420000", "modified": "2023-03-20"}, {"cve": "CVE-2015-0204", "epss": "0.968500000", "percentile": "0.994550000", "modified": "2023-03-19"}, {"cve": "CVE-2015-0205", "epss": "0.010060000", "percentile": "0.813880000", "modified": "2023-03-19"}, {"cve": "CVE-2015-0206", "epss": "0.939780000", "percentile": "0.986170000", "modified": "2023-03-19"}, {"cve": "CVE-2015-0228", "epss": "0.031810000", "percentile": "0.896380000", "modified": "2023-03-19"}, {"cve": "CVE-2015-0235", "epss": "0.974950000", "percentile": "0.999510000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1788", "epss": "0.562990000", "percentile": "0.971040000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1789", "epss": "0.346210000", "percentile": "0.964090000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1790", "epss": "0.424730000", "percentile": "0.967110000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1791", "epss": "0.330470000", "percentile": "0.963450000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1792", "epss": "0.634140000", "percentile": "0.972540000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1793", "epss": "0.082600000", "percentile": "0.933300000", "modified": "2023-03-19"}, {"cve": "CVE-2015-2721", "epss": "0.001170000", "percentile": "0.439230000", "modified": "2023-03-19"}, {"cve": "CVE-2015-2808", "epss": "0.003000000", "percentile": "0.646990000", "modified": "2023-03-20"}, {"cve": "CVE-2015-3183", "epss": "0.073720000", "percentile": "0.930150000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3193", "epss": "0.004530000", "percentile": "0.712820000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3194", "epss": "0.961030000", "percentile": "0.991350000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3195", "epss": "0.006110000", "percentile": "0.754120000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3197", "epss": "0.003070000", "percentile": "0.651750000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3236", "epss": "0.004800000", "percentile": "0.720860000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3237", "epss": "0.008950000", "percentile": "0.802110000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3253", "epss": "0.014080000", "percentile": "0.844230000", "modified": "2023-03-19"}, {"cve": "CVE-2015-4000", "epss": "0.973690000", "percentile": "0.998020000", "modified": "2023-03-19"}, {"cve": "CVE-2015-5300", "epss": "0.016630000", "percentile": "0.856760000", "modified": "2023-03-19"}, {"cve": "CVE-2015-5600", "epss": "0.190810000", "percentile": "0.954450000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7181", "epss": "0.073260000", "percentile": "0.929960000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7182", "epss": "0.012750000", "percentile": "0.835880000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7183", "epss": "0.087740000", "percentile": "0.935000000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7501", "epss": "0.013000000", "percentile": "0.837680000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7575", "epss": "0.002920000", "percentile": "0.642380000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7704", "epss": "0.918030000", "percentile": "0.983330000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7979", "epss": "0.046790000", "percentile": "0.913390000", "modified": "2023-03-19"}, {"cve": "CVE-2015-8104", "epss": "0.000720000", "percentile": "0.293570000", "modified": "2023-03-19"}, {"cve": "CVE-2015-8138", "epss": "0.003530000", "percentile": "0.675290000", "modified": "2023-03-19"}, {"cve": "CVE-2016-0635", "epss": "0.002860000", "percentile": "0.638560000", "modified": "2023-03-20"}, {"cve": "CVE-2016-0701", "epss": "0.118840000", "percentile": "0.944020000", "modified": "2023-03-19"}, {"cve": "CVE-2016-0702", "epss": "0.000990000", "percentile": "0.395290000", "modified": "2023-03-19"}, {"cve": "CVE-2016-0705", "epss": "0.033080000", "percentile": "0.898110000", "modified": "2023-03-19"}, {"cve": "CVE-2016-0797", "epss": "0.078860000", "percentile": "0.931910000", "modified": "2023-03-19"}, {"cve": "CVE-2016-0798", "epss": "0.534470000", "percentile": "0.970220000", "modified": "2023-03-19"}, {"cve": "CVE-2016-0799", "epss": "0.186020000", "percentile": "0.953850000", "modified": "2023-03-19"}, {"cve": "CVE-2016-0800", "epss": "0.958770000", "percentile": "0.990600000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1181", "epss": "0.022080000", "percentile": "0.876950000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1182", "epss": "0.334130000", "percentile": "0.963580000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1547", "epss": "0.005250000", "percentile": "0.733760000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1548", "epss": "0.005480000", "percentile": "0.739450000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1550", "epss": "0.004360000", "percentile": "0.707170000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1938", "epss": "0.003310000", "percentile": "0.664890000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1978", "epss": "0.045840000", "percentile": "0.912490000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2105", "epss": "0.048080000", "percentile": "0.914350000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2106", "epss": "0.075810000", "percentile": "0.930850000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2107", "epss": "0.974000000", "percentile": "0.998350000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2108", "epss": "0.914900000", "percentile": "0.983050000", "modified": "2023-03-20"}, {"cve": "CVE-2016-2109", "epss": "0.165770000", "percentile": "0.951480000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2176", "epss": "0.066720000", "percentile": "0.926740000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2518", "epss": "0.003010000", "percentile": "0.647940000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3081", "epss": "0.975240000", "percentile": "0.999740000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3424", "epss": "0.001300000", "percentile": "0.461410000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3432", "epss": "0.000880000", "percentile": "0.360170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3433", "epss": "0.000880000", "percentile": "0.360170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3440", "epss": "0.001270000", "percentile": "0.457320000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3444", "epss": "0.007090000", "percentile": "0.773990000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3445", "epss": "0.001570000", "percentile": "0.503670000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3446", "epss": "0.001460000", "percentile": "0.488700000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3448", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3450", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3451", "epss": "0.001640000", "percentile": "0.512970000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3452", "epss": "0.003550000", "percentile": "0.676070000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3453", "epss": "0.000610000", "percentile": "0.238330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3458", "epss": "0.005280000", "percentile": "0.734580000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3459", "epss": "0.001780000", "percentile": "0.531640000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3467", "epss": "0.001540000", "percentile": "0.498920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3468", "epss": "0.007090000", "percentile": "0.773990000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3469", "epss": "0.000430000", "percentile": "0.077180000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3470", "epss": "0.001210000", "percentile": "0.447010000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3471", "epss": "0.000430000", "percentile": "0.077150000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3472", "epss": "0.001140000", "percentile": "0.433440000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3474", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3475", "epss": "0.001050000", "percentile": "0.412050000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3476", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3477", "epss": "0.001000000", "percentile": "0.397350000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3478", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3479", "epss": "0.003980000", "percentile": "0.694420000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3480", "epss": "0.000430000", "percentile": "0.077180000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3481", "epss": "0.001270000", "percentile": "0.457320000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3482", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3483", "epss": "0.001460000", "percentile": "0.488700000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3484", "epss": "0.000430000", "percentile": "0.077180000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3485", "epss": "0.000890000", "percentile": "0.362410000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3486", "epss": "0.002430000", "percentile": "0.604610000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3487", "epss": "0.002480000", "percentile": "0.609680000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3488", "epss": "0.000430000", "percentile": "0.077180000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3489", "epss": "0.000450000", "percentile": "0.120200000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3490", "epss": "0.000880000", "percentile": "0.360170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3491", "epss": "0.001560000", "percentile": "0.501540000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3493", "epss": "0.007090000", "percentile": "0.773990000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3494", "epss": "0.002130000", "percentile": "0.575350000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3496", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3497", "epss": "0.000610000", "percentile": "0.238330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3498", "epss": "0.006290000", "percentile": "0.757750000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3499", "epss": "0.006750000", "percentile": "0.767540000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3500", "epss": "0.009410000", "percentile": "0.807260000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3501", "epss": "0.002430000", "percentile": "0.604610000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3502", "epss": "0.000800000", "percentile": "0.326010000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3503", "epss": "0.000830000", "percentile": "0.334760000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3504", "epss": "0.007090000", "percentile": "0.773990000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3506", "epss": "0.008150000", "percentile": "0.792040000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3507", "epss": "0.001840000", "percentile": "0.539220000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3508", "epss": "0.010900000", "percentile": "0.821390000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3509", "epss": "0.000880000", "percentile": "0.360170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3510", "epss": "0.004440000", "percentile": "0.709220000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3511", "epss": "0.000880000", "percentile": "0.360110000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3512", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3513", "epss": "0.001190000", "percentile": "0.443560000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3514", "epss": "0.001190000", "percentile": "0.443560000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3515", "epss": "0.002510000", "percentile": "0.612810000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3516", "epss": "0.001460000", "percentile": "0.487730000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3517", "epss": "0.001840000", "percentile": "0.539220000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3518", "epss": "0.002000000", "percentile": "0.561490000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3519", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3520", "epss": "0.001300000", "percentile": "0.462200000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3521", "epss": "0.001860000", "percentile": "0.541300000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3522", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3523", "epss": "0.001640000", "percentile": "0.512970000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3524", "epss": "0.002400000", "percentile": "0.602680000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3525", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3526", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3527", "epss": "0.002000000", "percentile": "0.561880000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3528", "epss": "0.003980000", "percentile": "0.694420000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3529", "epss": "0.001830000", "percentile": "0.538450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3530", "epss": "0.000950000", "percentile": "0.386280000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3531", "epss": "0.000990000", "percentile": "0.394060000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3532", "epss": "0.001560000", "percentile": "0.501540000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3533", "epss": "0.002320000", "percentile": "0.595380000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3534", "epss": "0.002320000", "percentile": "0.595380000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3535", "epss": "0.001560000", "percentile": "0.501540000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3536", "epss": "0.001560000", "percentile": "0.501540000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3537", "epss": "0.001210000", "percentile": "0.447010000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3538", "epss": "0.000950000", "percentile": "0.386280000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3539", "epss": "0.000950000", "percentile": "0.386280000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3540", "epss": "0.001750000", "percentile": "0.529120000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3541", "epss": "0.002000000", "percentile": "0.561880000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3542", "epss": "0.025220000", "percentile": "0.884840000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3543", "epss": "0.002000000", "percentile": "0.561880000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3544", "epss": "0.001010000", "percentile": "0.400380000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3545", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3546", "epss": "0.002000000", "percentile": "0.561880000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3547", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3548", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3549", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3550", "epss": "0.005030000", "percentile": "0.727560000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3552", "epss": "0.000970000", "percentile": "0.390710000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3553", "epss": "0.001050000", "percentile": "0.412050000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3554", "epss": "0.002860000", "percentile": "0.638200000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3555", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3556", "epss": "0.009080000", "percentile": "0.803510000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3557", "epss": "0.001510000", "percentile": "0.495490000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3558", "epss": "0.001640000", "percentile": "0.512970000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3559", "epss": "0.001640000", "percentile": "0.512970000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3560", "epss": "0.002020000", "percentile": "0.563940000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3561", "epss": "0.001640000", "percentile": "0.513250000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3563", "epss": "0.000530000", "percentile": "0.194020000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3564", "epss": "0.002270000", "percentile": "0.591470000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3565", "epss": "0.001040000", "percentile": "0.409500000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3566", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3567", "epss": "0.000880000", "percentile": "0.360170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3568", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3569", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3570", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3571", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3572", "epss": "0.000940000", "percentile": "0.382510000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3573", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3574", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3575", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3576", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3577", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3578", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3579", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3580", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3581", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3582", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3583", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3584", "epss": "0.000610000", "percentile": "0.238330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3585", "epss": "0.002000000", "percentile": "0.561880000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3586", "epss": "0.006750000", "percentile": "0.767540000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3587", "epss": "0.007960000", "percentile": "0.789600000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3588", "epss": "0.002000000", "percentile": "0.561490000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3589", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3590", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3591", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3592", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3593", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3594", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3595", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3596", "epss": "0.003470000", "percentile": "0.671920000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3597", "epss": "0.000610000", "percentile": "0.238420000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3598", "epss": "0.009400000", "percentile": "0.807190000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3606", "epss": "0.005160000", "percentile": "0.731070000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3607", "epss": "0.021180000", "percentile": "0.874220000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3608", "epss": "0.001830000", "percentile": "0.538450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3609", "epss": "0.001870000", "percentile": "0.543340000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3610", "epss": "0.007830000", "percentile": "0.786940000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3611", "epss": "0.001750000", "percentile": "0.529120000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3612", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3613", "epss": "0.007090000", "percentile": "0.773990000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3614", "epss": "0.002430000", "percentile": "0.604610000", "modified": "2023-03-20"}, {"cve": "CVE-2016-3615", "epss": "0.001860000", "percentile": "0.541300000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4051", "epss": "0.009070000", "percentile": "0.803530000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4052", "epss": "0.020540000", "percentile": "0.872270000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4053", "epss": "0.005510000", "percentile": "0.740270000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5019", "epss": "0.006210000", "percentile": "0.756120000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5436", "epss": "0.001300000", "percentile": "0.461410000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5437", "epss": "0.001300000", "percentile": "0.461410000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5439", "epss": "0.001660000", "percentile": "0.515490000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5440", "epss": "0.001240000", "percentile": "0.452040000", "modified": "2023-03-19"}, {"cve": "CVE-2016-5441", "epss": "0.001300000", "percentile": "0.461410000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5442", "epss": "0.001300000", "percentile": "0.461410000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5443", "epss": "0.000710000", "percentile": "0.289290000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5444", "epss": "0.003600000", "percentile": "0.678590000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5445", "epss": "0.001770000", "percentile": "0.531060000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5446", "epss": "0.002130000", "percentile": "0.576040000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5447", "epss": "0.001190000", "percentile": "0.442580000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5448", "epss": "0.001720000", "percentile": "0.526290000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5449", "epss": "0.003980000", "percentile": "0.694420000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5450", "epss": "0.001640000", "percentile": "0.512970000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5451", "epss": "0.001210000", "percentile": "0.447010000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5452", "epss": "0.000430000", "percentile": "0.077180000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5453", "epss": "0.007090000", "percentile": "0.773990000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5454", "epss": "0.000610000", "percentile": "0.238330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5455", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5456", "epss": "0.001210000", "percentile": "0.447010000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5457", "epss": "0.002230000", "percentile": "0.588110000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5458", "epss": "0.000940000", "percentile": "0.382510000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5459", "epss": "0.001640000", "percentile": "0.512970000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5460", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5461", "epss": "0.001210000", "percentile": "0.447010000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5462", "epss": "0.001010000", "percentile": "0.399540000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5463", "epss": "0.000880000", "percentile": "0.360170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5464", "epss": "0.000880000", "percentile": "0.360170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5465", "epss": "0.001560000", "percentile": "0.502170000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5466", "epss": "0.002050000", "percentile": "0.567450000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5467", "epss": "0.001050000", "percentile": "0.412050000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5468", "epss": "0.001050000", "percentile": "0.412050000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5469", "epss": "0.000610000", "percentile": "0.238330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5470", "epss": "0.001750000", "percentile": "0.529120000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5471", "epss": "0.000610000", "percentile": "0.238330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5472", "epss": "0.000610000", "percentile": "0.238330000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5473", "epss": "0.001050000", "percentile": "0.412050000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5474", "epss": "0.002230000", "percentile": "0.588110000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5475", "epss": "0.001100000", "percentile": "0.424550000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5476", "epss": "0.001100000", "percentile": "0.424550000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5477", "epss": "0.001830000", "percentile": "0.538450000", "modified": "2023-03-20"}], "vulnersScore": 0.6}, "affectedSoftware": [], "_state": {"dependencies": 1660012827, "score": 1684016453, "affected_software_major_version": 1666695388, "epss": 1679323282}, "_internal": {"score_hash": "44f7dfa960d22f1dcd8e55c13b275627"}}

{"nessus": [{"lastseen": "2023-05-23T14:17:00", "description": "Oracle reports :\n\nThe quarterly Critical Patch Update contains 22 new security fixes for Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "nessus", "title": "FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-3424", "CVE-2016-3440", "CVE-2016-3452", "CVE-2016-3459", "CVE-2016-3471", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3518", "CVE-2016-3521", "CVE-2016-3588", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mariadb100-server", "p-cpe:/a:freebsd:freebsd:mariadb101-server", "p-cpe:/a:freebsd:freebsd:mariadb55-server", "p-cpe:/a:freebsd:freebsd:mysql55-server", "p-cpe:/a:freebsd:freebsd:mysql56-server", "p-cpe:/a:freebsd:freebsd:mysql57-server", "p-cpe:/a:freebsd:freebsd:percona55-server", "p-cpe:/a:freebsd:freebsd:percona56-server", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CA5CB2024F5111E6B2ECB499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/92505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92505);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2105\", \"CVE-2016-3424\", \"CVE-2016-3440\", \"CVE-2016-3452\", \"CVE-2016-3459\", \"CVE-2016-3471\", \"CVE-2016-3477\", \"CVE-2016-3486\", \"CVE-2016-3501\", \"CVE-2016-3518\", \"CVE-2016-3521\", \"CVE-2016-3588\", \"CVE-2016-3614\", \"CVE-2016-3615\", \"CVE-2016-5436\", \"CVE-2016-5437\", \"CVE-2016-5439\", \"CVE-2016-5440\", \"CVE-2016-5441\", \"CVE-2016-5442\", \"CVE-2016-5443\", \"CVE-2016-5444\");\n\n script_name(english:\"FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nThe quarterly Critical Patch Update contains 22 new security fixes for\nOracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d65519a\"\n );\n # https://vuxml.freebsd.org/freebsd/ca5cb202-4f51-11e6-b2ec-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c288534\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb100-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb101-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mariadb55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mariadb55-server<=5.5.49\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb100-server<=10.0.25\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mariadb101-server<=10.1.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql55-server<=5.5.49\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-server<5.6.30\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-server<5.7.12_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-server<=5.5.49\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-server<=5.6.30\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:49", "description": "The version of Oracle E-Business installed on the remote host is missing the July 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Wireless Framework subcomponent within the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-3491)\n\n - An unspecified flaw exists in the Function Security subcomponent within the Customer Interaction History component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-3512)\n\n - An unspecified flaw exists in the AOL diagnostic tests subcomponent within the Application Object Library component that allows an authenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3520)\n\n - An unspecified flaw exists in the Application Service subcomponent within the Web Applications Desktop Integrator component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-3522)\n\n - An unspecified flaw exists in the Application Service subcomponent within the Web Applications Desktop Integrator component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3523)\n\n - An unspecified flaw exists in the Configuration subcomponent within the Applications Technology Stack component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-3524)\n\n - An unspecified flaw exists in the Cookie Management subcomponent within the Applications Manager component that allows an unauthenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3525)\n\n - An unspecified flaw exists in the Expenses Admin Utilities subcomponent within the Internet Expenses component that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3528)\n\n - An unspecified flaw exists in the SDK client integration subcomponent within the Advanced Inbound Telephony component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-3532)\n\n - An unspecified flaw exists in the Search subcomponent within the Knowledge Management component that allows an unauthenticated, remote attacker to impact integrity.\n (CVE-2016-3533)\n\n - An unspecified flaw exists in the Engineering Change Order subcomponent within the Installed Base component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3534)\n\n - An unspecified flaw exists in the Remote Launch subcomponent within the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-3535)\n\n - An unspecified flaw exists in the Deliverables subcomponent within the Marketing component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3536)\n\n - An unspecified flaw exists in the Notes subcomponent within the Common Applications Calendar component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3541)\n\n - An unspecified flaw exists in the Search/Browse subcomponent within the Knowledge Management component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3542)\n\n - An unspecified flaw exists in the Tasks subcomponent within the Common Applications Calendar component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3543)\n\n - An unspecified flaw exists in the Web based help screens subcomponent within the Application Object Library component that allows an unauthenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3545)\n\n - An unspecified flaw exists in the Report JSPs subcomponent within the Advanced Collections component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3546)\n\n - An unspecified flaw exists in the Content Manager subcomponent within the One-to-One Fulfillment component that allows an unauthenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3547)\n\n - An unspecified flaw exists in the Marketing activity collateral subcomponent within the Marketing component that allows an unauthenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3548)\n\n - An unspecified flaw exists in the Search Integration Engine subcomponent within the E-Business Suite Secure Enterprise Search component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3549)\n\n - Multiple unspecified flaws exist in the Email Center Agent Console subcomponent within the Email Center component that allow an unauthenticated, remote attacker to impact integrity. (CVE-2016-3558, CVE-2016-3559)", "cvss3": {}, "published": "2016-07-20T00:00:00", "type": "nessus", "title": "Oracle E-Business Multiple Vulnerabilities (July 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3491", "CVE-2016-3512", "CVE-2016-3520", "CVE-2016-3522", "CVE-2016-3523", "CVE-2016-3524", "CVE-2016-3525", "CVE-2016-3528", "CVE-2016-3532", "CVE-2016-3533", "CVE-2016-3534", "CVE-2016-3535", "CVE-2016-3536", "CVE-2016-3541", "CVE-2016-3542", "CVE-2016-3543", "CVE-2016-3545", "CVE-2016-3546", "CVE-2016-3547", "CVE-2016-3548", "CVE-2016-3549", "CVE-2016-3558", "CVE-2016-3559"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:e-business_suite"], "id": "ORACLE_E-BUSINESS_CPU_JUL_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/92461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92461);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-3491\",\n \"CVE-2016-3512\",\n \"CVE-2016-3520\",\n \"CVE-2016-3522\",\n \"CVE-2016-3523\",\n \"CVE-2016-3524\",\n \"CVE-2016-3525\",\n \"CVE-2016-3528\",\n \"CVE-2016-3532\",\n \"CVE-2016-3533\",\n \"CVE-2016-3534\",\n \"CVE-2016-3535\",\n \"CVE-2016-3536\",\n \"CVE-2016-3541\",\n \"CVE-2016-3542\",\n \"CVE-2016-3543\",\n \"CVE-2016-3545\",\n \"CVE-2016-3546\",\n \"CVE-2016-3547\",\n \"CVE-2016-3548\",\n \"CVE-2016-3549\",\n \"CVE-2016-3558\",\n \"CVE-2016-3559\"\n );\n script_bugtraq_id(\n 91838,\n 91839,\n 91841,\n 91843,\n 91845,\n 91848,\n 91852,\n 91857,\n 91861,\n 91865,\n 91870,\n 91873,\n 91878,\n 91882,\n 91886,\n 91888,\n 91893,\n 91896,\n 91899,\n 91903,\n 91907,\n 91909,\n 91911\n );\n\n script_name(english:\"Oracle E-Business Multiple Vulnerabilities (July 2016 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle E-Business installed on the remote host is\nmissing the July 2016 Oracle Critical Patch Update (CPU). It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the Wireless Framework\n subcomponent within the CRM Technical Foundation\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-3491)\n\n - An unspecified flaw exists in the Function Security\n subcomponent within the Customer Interaction History\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-3512)\n\n - An unspecified flaw exists in the AOL diagnostic tests\n subcomponent within the Application Object Library\n component that allows an authenticated, remote attacker\n to disclose potentially sensitive information.\n (CVE-2016-3520)\n\n - An unspecified flaw exists in the Application Service\n subcomponent within the Web Applications Desktop\n Integrator component that allows an unauthenticated,\n remote attacker to impact confidentiality and integrity.\n (CVE-2016-3522)\n\n - An unspecified flaw exists in the Application Service\n subcomponent within the Web Applications Desktop\n Integrator component that allows an unauthenticated,\n remote attacker to impact integrity. (CVE-2016-3523)\n\n - An unspecified flaw exists in the Configuration\n subcomponent within the Applications Technology Stack\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-3524)\n\n - An unspecified flaw exists in the Cookie Management\n subcomponent within the Applications Manager component\n that allows an unauthenticated, remote attacker to\n disclose potentially sensitive information.\n (CVE-2016-3525)\n\n - An unspecified flaw exists in the Expenses Admin\n Utilities subcomponent within the Internet Expenses\n component that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3528)\n\n - An unspecified flaw exists in the SDK client integration\n subcomponent within the Advanced Inbound Telephony\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-3532)\n\n - An unspecified flaw exists in the Search subcomponent\n within the Knowledge Management component that allows an\n unauthenticated, remote attacker to impact integrity.\n (CVE-2016-3533)\n\n - An unspecified flaw exists in the Engineering Change\n Order subcomponent within the Installed Base component\n that allows an unauthenticated, remote attacker to\n impact integrity. (CVE-2016-3534)\n\n - An unspecified flaw exists in the Remote Launch\n subcomponent within the CRM Technical Foundation\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-3535)\n\n - An unspecified flaw exists in the Deliverables\n subcomponent within the Marketing component that allows\n an unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2016-3536)\n\n - An unspecified flaw exists in the Notes subcomponent\n within the Common Applications Calendar component that\n allows an unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2016-3541)\n\n - An unspecified flaw exists in the Search/Browse\n subcomponent within the Knowledge Management component\n that allows an authenticated, remote attacker to\n impact confidentiality and integrity. (CVE-2016-3542)\n\n - An unspecified flaw exists in the Tasks subcomponent\n within the Common Applications Calendar component that\n allows an unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2016-3543)\n\n - An unspecified flaw exists in the Web based help screens\n subcomponent within the Application Object Library\n component that allows an unauthenticated, remote\n attacker to disclose potentially sensitive information.\n (CVE-2016-3545)\n\n - An unspecified flaw exists in the Report JSPs\n subcomponent within the Advanced Collections component\n that allows an unauthenticated, remote attacker to\n impact confidentiality and integrity. (CVE-2016-3546)\n\n - An unspecified flaw exists in the Content Manager\n subcomponent within the One-to-One Fulfillment component\n that allows an unauthenticated, remote attacker to\n disclose potentially sensitive information.\n (CVE-2016-3547)\n\n - An unspecified flaw exists in the Marketing activity\n collateral subcomponent within the Marketing component\n that allows an unauthenticated, remote attacker to\n disclose potentially sensitive information.\n (CVE-2016-3548)\n\n - An unspecified flaw exists in the Search Integration\n Engine subcomponent within the E-Business Suite Secure\n Enterprise Search component that allows an\n unauthenticated, remote attacker to disclose potentially\n sensitive information. (CVE-2016-3549)\n\n - Multiple unspecified flaws exist in the Email Center\n Agent Console subcomponent within the Email Center\n component that allow an unauthenticated, remote\n attacker to impact integrity. (CVE-2016-3558,\n CVE-2016-3559)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3546\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:e-business_suite\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_e-business_query_patch_info.nbin\");\n script_require_keys(\"Oracle/E-Business/Version\", \"Oracle/E-Business/patches/installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Oracle/E-Business/Version\");\npatches = get_kb_item_or_exit(\"Oracle/E-Business/patches/installed\");\n\n# Batch checks\nif (patches) patches = split(patches, sep:',', keep:FALSE);\nelse patches = make_list();\n\np12_1 = '23144507';\np12_2 = '23144508';\n\n# Check if the installed version is an affected version\naffected_versions = make_array(\n '12.1.1', make_list(p12_1),\n '12.1.2', make_list(p12_1),\n '12.1.3', make_list(p12_1),\n\n '12.2.3', make_list(p12_2),\n '12.2.4', make_list(p12_2),\n '12.2.5', make_list(p12_2)\n);\n\npatched = FALSE;\naffectedver = FALSE;\n\nif (affected_versions[version])\n{\n affectedver = TRUE;\n patchids = affected_versions[version];\n foreach required_patch (patchids)\n {\n foreach applied_patch (patches)\n {\n if(required_patch == applied_patch)\n {\n patched = applied_patch;\n break;\n }\n }\n if(patched) break;\n }\n if(!patched) patchreport = join(patchids,sep:\" or \");\n}\n\nif (!patched && affectedver)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : '+version+\n '\\n Fixed version : '+version+' Patch '+patchreport+\n '\\n';\n security_hole(port:0,extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);\nelse exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:38", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3459, CVE-2016-5436)\n\n - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588)\n\n - Multiple unspecified flaws exist in the Security:\n Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3614, CVE-2016-5442)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437)\n\n - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5441)\n\n - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443)\n\n - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple flaws exist in InnoDB that are triggered when handling specially crafted 'ALTER TABLE' operations. An authenticated, remote attacker can exploit these issues to crash the database, resulting in a denial of service condition.\n\n - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when performing a 'FLUSH TABLES' operation on a table with a discarded tablespace. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - A flaw exists in InnoDB that is triggered when performing an 'OPTIMIZE TABLE' operation on a table with a full-text index. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when performing an UPDATE operation on a generated virtual BLOB column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when performing a 'SHOW CREATE TABLE' operation on a table with a generated column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-11T00:00:00", "type": "nessus", "title": "Oracle MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-3424", "CVE-2016-3440", "CVE-2016-3452", "CVE-2016-3459", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3518", "CVE-2016-3521", "CVE-2016-3588", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444", "CVE-2016-8288"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_7_13_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/91998", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91998);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-3424\",\n \"CVE-2016-3440\",\n \"CVE-2016-3452\",\n \"CVE-2016-3459\",\n \"CVE-2016-3477\",\n \"CVE-2016-3486\",\n \"CVE-2016-3501\",\n \"CVE-2016-3518\",\n \"CVE-2016-3521\",\n \"CVE-2016-3588\",\n \"CVE-2016-3614\",\n \"CVE-2016-3615\",\n \"CVE-2016-5436\",\n \"CVE-2016-5437\",\n \"CVE-2016-5439\",\n \"CVE-2016-5440\",\n \"CVE-2016-5441\",\n \"CVE-2016-5442\",\n \"CVE-2016-5443\",\n \"CVE-2016-5444\",\n \"CVE-2016-8288\"\n );\n script_bugtraq_id(\n 89757,\n 91902,\n 91906,\n 91910,\n 91915,\n 91917,\n 91932,\n 91943,\n 91949,\n 91953,\n 91960,\n 91963,\n 91967,\n 91969,\n 91974,\n 91976,\n 91980,\n 91983,\n 91987,\n 91992,\n 91999,\n 93740\n );\n\n script_name(english:\"Oracle MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.13. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501,\n CVE-2016-3518)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - Multiple unspecified flaws exist in the InnoDB\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3459, CVE-2016-5436)\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to impact\n integrity and confidentiality. (CVE-2016-3588)\n\n - Multiple unspecified flaws exist in the Security:\n Encryption subcomponent that allow an authenticated,\n remote attacker to cause a denial of service condition.\n (CVE-2016-3614, CVE-2016-5442)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Log subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5437)\n\n - An unspecified flaw exists in the Privileges\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5441)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows a local attacker to cause a\n denial of service condition. (CVE-2016-5443)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin\n subcomponent that allows an authenticated, remote\n attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple flaws exist in InnoDB that are triggered when\n handling specially crafted 'ALTER TABLE' operations. An\n authenticated, remote attacker can exploit these issues\n to crash the database, resulting in a denial of service\n condition.\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB\n memcached plugin due to improper validation of\n user-supplied input. An authenticated, remote attacker\n can exploit these issues to cause a denial of service\n condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when\n invoking Enterprise Encryption functions in multiple\n threads simultaneously or after creating and dropping\n them. An authenticated, remote attacker can exploit this\n to crash the database, resulting in a denial of service\n condition.\n\n - An unspecified flaw exists that is triggered when\n handling a 'SELECT ... GROUP BY ... FOR UPDATE' query\n executed with a loose index scan. An authenticated,\n remote attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when\n performing a 'FLUSH TABLES' operation on a table with a\n discarded tablespace. An authenticated, remote attacker\n can exploit this to crash the database, resulting in a\n denial of service condition.\n\n - A flaw exists in InnoDB that is triggered when\n performing an 'OPTIMIZE TABLE' operation on a table with\n a full-text index. An authenticated, remote attacker can\n exploit this to crash the database, resulting in a\n denial of service condition.\n\n - An unspecified flaw exists that is triggered when\n performing an UPDATE operation on a generated virtual\n BLOB column. An authenticated, remote attacker can\n exploit this to crash the database, resulting in a\n denial of service condition.\n\n - An unspecified flaw exists that is triggered when\n performing a 'SHOW CREATE TABLE' operation on a table\n with a generated column. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html\");\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42cde00c\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453a538d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2157431.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8288\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/11\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.7.13\";\nexists_version = \"5.7\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:08", "description": "The version of MySQL running on the remote host is 5.7.x prior to 5.7.13. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501, CVE-2016-3518)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - Multiple unspecified flaws exist in the InnoDB subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3459, CVE-2016-5436)\n\n - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to impact integrity and confidentiality. (CVE-2016-3588)\n\n - Multiple unspecified flaws exist in the Security:\n Encryption subcomponent that allow an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3614, CVE-2016-5442)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Log subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5437)\n\n - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Replication subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5441)\n\n - An unspecified flaw exists in the Connection subcomponent that allows a local attacker to cause a denial of service condition. (CVE-2016-5443)\n\n - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple flaws exist in InnoDB that are triggered when handling specially crafted 'ALTER TABLE' operations. An authenticated, remote attacker can exploit these issues to crash the database, resulting in a denial of service condition.\n\n - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when performing a 'FLUSH TABLES' operation on a table with a discarded tablespace. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - A flaw exists in InnoDB that is triggered when performing an 'OPTIMIZE TABLE' operation on a table with a full-text index. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when performing an UPDATE operation on a generated virtual BLOB column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when performing a 'SHOW CREATE TABLE' operation on a table with a generated column. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-20T00:00:00", "type": "nessus", "title": "MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-3424", "CVE-2016-3440", "CVE-2016-3452", "CVE-2016-3459", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3518", "CVE-2016-3521", "CVE-2016-3588", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443", "CVE-2016-5444", "CVE-2016-8288"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_13.NASL", "href": "https://www.tenable.com/plugins/nessus/91997", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91997);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-3424\",\n \"CVE-2016-3440\",\n \"CVE-2016-3452\",\n \"CVE-2016-3459\",\n \"CVE-2016-3477\",\n \"CVE-2016-3486\",\n \"CVE-2016-3501\",\n \"CVE-2016-3518\",\n \"CVE-2016-3521\",\n \"CVE-2016-3588\",\n \"CVE-2016-3614\",\n \"CVE-2016-3615\",\n \"CVE-2016-5436\",\n \"CVE-2016-5437\",\n \"CVE-2016-5439\",\n \"CVE-2016-5440\",\n \"CVE-2016-5441\",\n \"CVE-2016-5442\",\n \"CVE-2016-5443\",\n \"CVE-2016-5444\",\n \"CVE-2016-8288\"\n );\n script_bugtraq_id(\n 89757,\n 91902,\n 91906,\n 91910,\n 91915,\n 91917,\n 91932,\n 91943,\n 91949,\n 91953,\n 91960,\n 91963,\n 91967,\n 91969,\n 91974,\n 91976,\n 91980,\n 91983,\n 91987,\n 91992,\n 91999,\n 93740\n );\n\n script_name(english:\"MySQL 5.7.x < 5.7.13 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.7.x prior to\n5.7.13. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - Multiple unspecified flaws exist in the Optimizer\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3424, CVE-2016-3440, CVE-2016-3501,\n CVE-2016-3518)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - Multiple unspecified flaws exist in the InnoDB\n subcomponent that allow an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3459, CVE-2016-5436)\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to impact\n integrity and confidentiality. (CVE-2016-3588)\n\n - Multiple unspecified flaws exist in the Security:\n Encryption subcomponent that allow an authenticated,\n remote attacker to cause a denial of service condition.\n (CVE-2016-3614, CVE-2016-5442)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Log subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5437)\n\n - An unspecified flaw exists in the Privileges\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Replication\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5441)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows a local attacker to cause a\n denial of service condition. (CVE-2016-5443)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin\n subcomponent that allows an authenticated, remote\n attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple flaws exist in InnoDB that are triggered when\n handling specially crafted 'ALTER TABLE' operations. An\n authenticated, remote attacker can exploit these issues\n to crash the database, resulting in a denial of service\n condition.\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB\n memcached plugin due to improper validation of\n user-supplied input. An authenticated, remote attacker\n can exploit these issues to cause a denial of service\n condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when\n invoking Enterprise Encryption functions in multiple\n threads simultaneously or after creating and dropping\n them. An authenticated, remote attacker can exploit this\n to crash the database, resulting in a denial of service\n condition.\n\n - An unspecified flaw exists that is triggered when\n handling a 'SELECT ... GROUP BY ... FOR UPDATE' query\n executed with a loose index scan. An authenticated,\n remote attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when\n performing a 'FLUSH TABLES' operation on a table with a\n discarded tablespace. An authenticated, remote attacker\n can exploit this to crash the database, resulting in a\n denial of service condition.\n\n - A flaw exists in InnoDB that is triggered when\n performing an 'OPTIMIZE TABLE' operation on a table with\n a full-text index. An authenticated, remote attacker can\n exploit this to crash the database, resulting in a\n denial of service condition.\n\n - An unspecified flaw exists that is triggered when\n performing an UPDATE operation on a generated virtual\n BLOB column. An authenticated, remote attacker can\n exploit this to crash the database, resulting in a\n denial of service condition.\n\n - An unspecified flaw exists that is triggered when\n performing a 'SHOW CREATE TABLE' operation on a table\n with a generated column. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.7.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8288\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.7.13', min:'5.7', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:04", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS has been updated to MySQL 5.7.13.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720 .html.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : mysql-5.5, mysql-5.6, mysql-5.7 vulnerabilities (USN-3040-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3424", "CVE-2016-3459", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3518", "CVE-2016-3521", "CVE-2016-3588", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5436", "CVE-2016-5437", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5441", "CVE-2016-5442", "CVE-2016-5443"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.6", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3040-1.NASL", "href": "https://www.tenable.com/plugins/nessus/92511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3040-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92511);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-3424\", \"CVE-2016-3459\", \"CVE-2016-3477\", \"CVE-2016-3486\", \"CVE-2016-3501\", \"CVE-2016-3518\", \"CVE-2016-3521\", \"CVE-2016-3588\", \"CVE-2016-3614\", \"CVE-2016-3615\", \"CVE-2016-5436\", \"CVE-2016-5437\", \"CVE-2016-5439\", \"CVE-2016-5440\", \"CVE-2016-5441\", \"CVE-2016-5442\", \"CVE-2016-5443\");\n script_xref(name:\"USN\", value:\"3040-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : mysql-5.5, mysql-5.6, mysql-5.7 vulnerabilities (USN-3040-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS\nhas been updated to MySQL 5.7.13.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720\n.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3040-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected mysql-server-5.5, mysql-server-5.6 and / or\nmysql-server-5.7 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.50-0ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.50-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"mysql-server-5.6\", pkgver:\"5.6.31-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.13-0ubuntu0.16.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5 / mysql-server-5.6 / mysql-server-5.7\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-26T15:35:56", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458)\n\n - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485)\n\n - An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498)\n\n - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500)\n\n - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503)\n\n - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3508)\n\n - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511)\n\n - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3550)\n\n - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3552)\n\n - A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic() function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587)\n\n - A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598)\n\n - A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-3606)\n\n - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "nessus", "title": "Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_JUL_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/92516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92516);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-3458\",\n \"CVE-2016-3485\",\n \"CVE-2016-3498\",\n \"CVE-2016-3500\",\n \"CVE-2016-3503\",\n \"CVE-2016-3508\",\n \"CVE-2016-3511\",\n \"CVE-2016-3550\",\n \"CVE-2016-3552\",\n \"CVE-2016-3587\",\n \"CVE-2016-3598\",\n \"CVE-2016-3606\",\n \"CVE-2016-3610\"\n );\n script_bugtraq_id(\n 91904,\n 91912,\n 91918,\n 91930,\n 91945,\n 91951,\n 91956,\n 91962,\n 91972,\n 91990,\n 91996,\n 92000,\n 92006\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 101, 7 Update 111,\nor 6 Update 121. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified flaw exists in the CORBA subcomponent\n that allows an unauthenticated, remote attacker to\n impact integrity. (CVE-2016-3458)\n\n - An unspecified flaw exists in the Networking\n subcomponent that allows a local attacker to impact\n integrity. (CVE-2016-3485)\n\n - An unspecified flaw exists in the JavaFX subcomponent\n that allows an unauthenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3498)\n\n - An unspecified flaw exists in the JAXP subcomponent that\n allows an unauthenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3500)\n\n - An unspecified flaw exists in the Install subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3503)\n\n - An unspecified flaw exists in the JAXP subcomponent that\n allows an unauthenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3508)\n\n - An unspecified flaw exists in the Deployment\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-3511)\n\n - An unspecified flaw exists in the Hotspot subcomponent\n that allows an unauthenticated, remote attacker to\n disclose potentially sensitive information.\n (CVE-2016-3550)\n\n - An unspecified flaw exists in the Install subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3552)\n\n - A flaw exists in the Hotspot subcomponent due to\n improper access to the MethodHandle::invokeBasic()\n function. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-3587)\n\n - A flaw exists in the Libraries subcomponent within the\n MethodHandles::dropArguments() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-3598)\n\n - A flaw exists in the Hotspot subcomponent within the\n ClassVerifier::ends_in_athrow() function when handling\n bytecode verification. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-3606)\n\n - An unspecified flaw exists in the Libraries subcomponent\n that allows an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2016-3610)\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e71b6836\");\n # http://www.oracle.com/technetwork/java/javase/8u101-relnotes-3021761.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92867054\");\n # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_111\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6adbf356\");\n # https://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_121\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81636e81\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 8 Update 101 / 7 Update 111 / 6 Update\n121 or later. If necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 6 Update 95 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n # Fixes : (JDK|JRE) 8 Update 101 / 7 Update 111 / 6 Update 121\n if (\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-9][0-9]|1[01][0-9]|120)([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-9][0-9]|10[0-9]|110)([^0-9]|$)' ||\n ver =~ '^1\\\\.8\\\\.0_([0-9]|[0-9][0-9]|100)([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_121 / 1.7.0_111 / 1.8.0_101\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installations on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-03T14:40:00", "description": "This update for java-1_8_0-openjdk fixes the following issues :\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n\n - New in release 3.1.0 (2016-07-25) :\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)\n\n - S8146514: Enforce GCM limits\n\n - S8147771: Construction of static protection domains under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149070: Enforce update ordering\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8153312: Constrain AppCDS behavior\n\n - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)\n\n - CVE-2016-3552 (bsc#989726)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - New features\n\n - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux\n\n - PR2821: Support building OpenJDK with --disable-headful\n\n - PR2931, G478960: Provide Infinality Support via fontconfig\n\n - PR3079: Provide option to build Shenandoah on x86_64\n\n - Import of OpenJDK 8 u92 build 14\n\n - S6869327: Add new C2 flag to keep safepoints in counted loops.\n\n - S8022865: [TESTBUG] Compressed Oops testing needs to be revised\n\n - S8029630: Thread id should be displayed as a hex number in error report\n\n - S8029726: On OS X some dtrace probe names are mismatched with Solaris\n\n - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired.\n\n - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired\n\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String\n\n - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits\n\n - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header\n\n - S8041900: [macosx] Java forces the use of discrete GPU\n\n - S8044363: Remove special build options for unpack200 executable\n\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH\n\n - S8046611: Build errors with gcc on sparc/fastdebug\n\n - S8047763: Recognize sparc64 as a sparc platform\n\n - S8048232: Fix for 8046471 breaks PPC64 build\n\n - S8052396: Catch exceptions resulting from missing font cmap\n\n - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries\n\n - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded\n\n - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator\n\n - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled\n\n - S8065579: WB method to start G1 concurrent mark cycle should be introduced\n\n - S8065986: Compiler fails to NullPointerException when calling super with Object<>()\n\n - S8066974: Compiler doesn't infer method's generic type information in lambda body\n\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years\n\n - S8068033: JNI exception pending in jdk/src/share/bin/java.c\n\n - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending\n\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found\n\n - S8068254: Method reference uses wrong qualifying type\n\n - S8074696: Remote debugging session hangs for several minutes when calling findBootType\n\n - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did\n\n - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale\n\n - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/\n\n - S8080650: Enable stubs to use frame pointers correctly\n\n - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure\n\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n\n - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2\n\n - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter\n\n - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions\n\n - S8131129: Attempt to define a duplicate BMH$Species class\n\n - S8131665: Bad exception message in HandshakeHash.getFinishedHash\n\n - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final\n\n - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X\n\n - S8133207: ParallelProbes.java test fails after changes for JDK-8080115\n\n - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518\n\n - S8134007: Improve string folding\n\n - S8134759: jdb: Incorrect stepping inside finally block\n\n - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set\n\n - S8136442: Don't tie Certificate signature algorithms to ciphersuites\n\n - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+\n\n - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot\n\n - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization\n\n - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout\n\n - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true ,oopDesc*,MarkAndPushClosure>\n\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n\n - S8139751: Javac crash with -XDallowStringFolding=false\n\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev\n\n - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof\n\n - S8140031: SA: Searching for a value in Threads does not work\n\n - S8140249: JVM Crashing During startUp If Flight Recording is enabled\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check\n\n - S8141260: isReachable crash in windows xp\n\n - S8143297: Nashorn compilation time reported in nanoseconds\n\n - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly\n\n - S8143855: Bad printf formatting in frame_zero.cpp\n\n - S8143896: java.lang.Long is implicitly converted to double\n\n - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg\n\n - S8144020: Remove long as an internal numeric type\n\n - S8144131: ArrayData.getInt implementations do not convert to int32\n\n - S8144483: One long Safepoint pause directly after each GC log rotation\n\n - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true\n\n - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds\n\n - S8144935: C2: safepoint is pruned from a non-counted loop\n\n - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution\n\n - S8145017: Add support for 3 digit hotspot minor version numbers\n\n - S8145099: Better error message when SA can't attach to a process\n\n - S8145442: Add the facility to verify remembered sets for G1\n\n - S8145466: javac: No line numbers in compilation error\n\n - S8145539: (coll) AbstractMap.keySet and .values should not be volatile\n\n - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic\n\n - S8145669: apply2call optimized callsite fails after becoming megamorphic\n\n - S8145722: NullPointerException in javadoc\n\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI\n\n - S8146147: Java linker indexed property getter does not work for computed nashorn string\n\n - S8146566: OpenJDK build can't handle commas in LDFLAGS\n\n - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms\n\n - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before\n\n - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries\n\n - S8147630: Wrong test result pushed to 8u-dev\n\n - S8147845: Varargs Array functions still leaking longs\n\n - S8147857: RMIConnector logs attribute names incorrectly\n\n - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC\n\n - S8150791: 8u76 L10n resource file translation update\n\n - Import of OpenJDK 8 u101 build 13\n\n - S6483657: MSCAPI provider does not create unique alias names\n\n - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying timestamp hash algorithm\n\n - S8081778: Use Intel x64 CPU instructions for RSA acceleration\n\n - S8130150: Implement BigInteger.montgomeryMultiply intrinsic\n\n - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts\n\n - S8143913: MSCAPI keystore should accept Certificate[] in setEntry()\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146240: Three nashorn files contain 'GNU General Public License' header\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811\n\n - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua\n\n - S8151522: Disable 8130150 and 8081778 intrinsics by default\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail\n\n - S8157077: 8u101 L10n resource file updates\n\n - Backports\n\n - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate\n\n - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events\n\n - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string\n\n - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation\n\n - S8014212, PR2866: Robot captures black screen\n\n - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays\n\n - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository.\n\n - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11\n\n - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management\n\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n\n - S8035287, PR3095: gcc warnings compiling various libraries files\n\n - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality\n\n - S8039279, PR3077: Move awt tests to openjdk repository\n\n - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton\n\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk\n\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree\n\n - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository\n\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree\n\n - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests\n\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk\n\n - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository\n\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out\n\n - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository\n\n - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository\n\n - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2\n\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK\n\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again\n\n - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3\n\n - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK\n\n - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4\n\n - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK\n\n - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5\n\n - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3)\n\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK\n\n - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6\n\n - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7\n\n - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8\n\n - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK\n\n - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk\n\n - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9\n\n - S8056911, PR3077: Remove internal API usage from ExtendedRobot class\n\n - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10\n\n - S8058959, PR1061:\n closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe st/MovedResizedTwiceTest.java failed automatically\n\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n\n - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.ja va is asocial pressing VK_LEFT and not releasing\n\n - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases\n\n - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease\n\n - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()\n\n - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT est fails with GTKLookAndFeel\n\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor\n\n - S8073320, PR1061: Windows HiDPI Graphics support\n\n - S8074807, PR3077: Fix some tests unnecessary using internal API\n\n - S8076315, PR3077: move 4 manual functional swing tests to regression suite\n\n - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize()\n\n - S8129822, PR3077: Define 'headful' jtreg keyword\n\n - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size\n\n - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access\n\n - S8137571, PR1061: Linux HiDPI Graphics support\n\n - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted\n\n - S8145188, PR2945: No LocalVariableTable generated for the entire JDK\n\n - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons\n\n - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons\n\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X\n\n - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045]\n\n - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest\n\n - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly\n\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux\n\n - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651)\n\n - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape\n\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful.\n\n - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6\n\n - Bug fixes\n\n - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order\n\n - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure\n\n - PR2932: Support ccache in a non-automagic manner\n\n - PR2933: Support ccache 3.2 and later\n\n - PR2964: Set system defaults based on OS\n\n - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings\n\n - PR3078: Remove duplicated line dating back to 6788347 and 6894807\n\n - PR3083, RH1346460: Regression in SSL debug output without an ECC provider\n\n - PR3089: Remove old memory limits patch\n\n - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs\n\n - PR3095: Fix warnings in URLClassPath.c\n\n - PR3096: Remove dead --disable-optimizations option\n\n - PR3105: Use version from hotspot.map to create tarball filename\n\n - PR3106: Handle both correctly-spelt property 'enableCustomValueHandler' introduced by S8079718 and typo version\n\n - PR3108: Shenandoah patches not included in release tarball\n\n - PR3110: Update hotspot.map documentation in INSTALL\n\n - AArch64 port\n\n - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64\n\n - S8148328, PR3078: aarch64: redundant lsr instructions in stub code.\n\n - S8148783, PR3078: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly\n\n - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code\n\n - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy\n\n - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub\n\n - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero\n\n - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection\n\n - S8150082, PR3078: aarch64: optimise small array copy\n\n - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly\n\n - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions\n\n - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions\n\n - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops.\n\n - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words\n\n - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations\n\n - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero.\n\n - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine\n\n - S8153713, PR3078: aarch64: improve short array clearing using store pair\n\n - S8153797, PR3078: aarch64: Add Arrays.fill stub code\n\n - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted\n\n - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode\n\n - S8155015, PR3078: Aarch64: bad assert in spill generation code\n\n - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base\n\n - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset\n\n - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA\n\n - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612\n\n - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine\n\n - S8157841, PR3078: aarch64: prefetch ignores cache line size\n\n - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted\n\n - S8158913, PR3078: aarch64: SEGV running Spark terasort\n\n - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words\n\n - S8159063, PR3078: aarch64: optimise unaligned array copy long\n\n - PR3078: Cleanup remaining differences from aarch64/jdk8u tree\n\n - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\n avoid some crashes\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2016-08-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-978.NASL", "href": "https://www.tenable.com/plugins/nessus/92979", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-978.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92979);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3552\", \"CVE-2016-3587\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-978)\");\n script_summary(english:\"Check for the openSUSE-2016-978 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-openjdk fixes the following issues :\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n\n - New in release 3.1.0 (2016-07-25) :\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8146514: Enforce GCM limits\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149070: Enforce update ordering\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8153312: Constrain AppCDS behavior\n\n - S8154475, CVE-2016-3587: Clean up lookup visibility\n (bsc#989721)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3552 (bsc#989726)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - New features\n\n - S8145547, PR1061: [AWT/Swing] Conditional support for\n GTK 3 on Linux\n\n - PR2821: Support building OpenJDK with --disable-headful\n\n - PR2931, G478960: Provide Infinality Support via\n fontconfig\n\n - PR3079: Provide option to build Shenandoah on x86_64\n\n - Import of OpenJDK 8 u92 build 14\n\n - S6869327: Add new C2 flag to keep safepoints in counted\n loops.\n\n - S8022865: [TESTBUG] Compressed Oops testing needs to be\n revised\n\n - S8029630: Thread id should be displayed as a hex number\n in error report\n\n - S8029726: On OS X some dtrace probe names are mismatched\n with Solaris\n\n - S8029727: On OS X dtrace probes\n Call<type>MethodA/Call<type>MethodV are not fired.\n\n - S8029728: On OS X dtrace probes SetStaticBooleanField\n are not fired\n\n - S8038184: XMLSignature throws\n StringIndexOutOfBoundsException if ID attribute value is\n empty String\n\n - S8038349: Signing XML with DSA throws Exception when key\n is larger than 1024 bits\n\n - S8041501: ImageIO reader is not capable of reading JPEGs\n without JFIF header\n\n - S8041900: [macosx] Java forces the use of discrete GPU\n\n - S8044363: Remove special build options for unpack200\n executable\n\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy\n value for hotspot ARCH\n\n - S8046611: Build errors with gcc on sparc/fastdebug\n\n - S8047763: Recognize sparc64 as a sparc platform\n\n - S8048232: Fix for 8046471 breaks PPC64 build\n\n - S8052396: Catch exceptions resulting from missing font\n cmap\n\n - S8058563: InstanceKlass::_dependencies list isn't\n cleared from empty nmethodBucket entries\n\n - S8061624: [TESTBUG] Some tests cannot be ran under\n compact profiles and therefore shall be excluded\n\n - S8062901: Iterators is spelled incorrectly in the\n Javadoc for Spliterator\n\n - S8064330: Remove SHA224 from the default support list if\n SunMSCAPI enabled\n\n - S8065579: WB method to start G1 concurrent mark cycle\n should be introduced\n\n - S8065986: Compiler fails to NullPointerException when\n calling super with Object<>()\n\n - S8066974: Compiler doesn't infer method's generic type\n information in lambda body\n\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear\n for out of range years\n\n - S8068033: JNI exception pending in\n jdk/src/share/bin/java.c\n\n - S8068042: Check\n jdk/src/share/native/sun/misc/URLClassPath.c for JNI\n pending\n\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false)\n failed: OLD and/or OBSOLETE method(s) found\n\n - S8068254: Method reference uses wrong qualifying type\n\n - S8074696: Remote debugging session hangs for several\n minutes when calling findBootType\n\n - S8074935: jdk8 keytool doesn't validate pem files for\n RFC 1421 correctness, as jdk7 did\n\n - S8078423: [TESTBUG]\n javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on\n system locale\n\n - S8080492: [Parfait] Uninitialised variable in\n jdk/src/java/desktop/windows/native/libawt/\n\n - S8080650: Enable stubs to use frame pointers correctly\n\n - S8122944: perfdata used is seen as too high on sparc\n zone with jdk1.9 and causes a test failure\n\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n\n - S8129847: Compiling methods generated by Nashorn\n triggers high memory usage in C2\n\n - S8130506: javac AssertionError when invoking\n MethodHandle.invoke with lambda parameter\n\n - S8130910: hsperfdata file is created in wrong directory\n and not cleaned up if /tmp/hsperfdata_<username> has\n wrong permissions\n\n - S8131129: Attempt to define a duplicate BMH$Species\n class\n\n - S8131665: Bad exception message in\n HandshakeHash.getFinishedHash\n\n - S8131782: C1 Class.cast optimization breaks when Class\n is loaded from static final\n\n - S8132503: [macosx] Chinese full stop symbol cannot be\n entered with Pinyin IM on OS X\n\n - S8133207: ParallelProbes.java test fails after changes\n for JDK-8080115\n\n - S8133924: NPE may be thrown when xsltc select a\n non-existing node after JDK-8062518\n\n - S8134007: Improve string folding\n\n - S8134759: jdb: Incorrect stepping inside finally block\n\n - S8134963: [Newtest] New stress test for changing the\n coarseness level of G1 remembered set\n\n - S8136442: Don't tie Certificate signature algorithms to\n ciphersuites\n\n - S8137106: EUDC (End User Defined Characters) are not\n displayed on Windows with Java 8u60+\n\n - S8138745: Implement ExitOnOutOfMemory and\n CrashOnOutOfMemory in HotSpot\n\n - S8138764: In some cases the usage of TreeLock can be\n replaced by other synchronization\n\n - S8139373: [TEST_BUG]\n java/net/MulticastSocket/MultiDead.java failed with\n timeout\n\n - S8139424: SIGSEGV, Problematic frame: # V\n [libjvm.so+0xd0c0cc] void\n InstanceKlass::oop_oop_iterate_oop_maps_specialized<true\n ,oopDesc*,MarkAndPushClosure>\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8139751: Javac crash with -XDallowStringFolding=false\n\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903\n to 8u-dev\n\n - S8139985: JNI exception pending in\n jdk/src/jdk/hprof/agent/share/native/libhprof\n\n - S8140031: SA: Searching for a value in Threads does not\n work\n\n - S8140249: JVM Crashing During startUp If Flight\n Recording is enabled\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8140587: Atomic*FieldUpdaters should use\n Class.isInstance instead of direct class check\n\n - S8141260: isReachable crash in windows xp\n\n - S8143297: Nashorn compilation time reported in\n nanoseconds\n\n - S8143397: It looks like InetAddress.isReachable(timeout)\n works incorrectly\n\n - S8143855: Bad printf formatting in frame_zero.cpp\n\n - S8143896: java.lang.Long is implicitly converted to\n double\n\n - S8143963: improve ClassLoader::trace_class_path to\n accept an additional outputStream* arg\n\n - S8144020: Remove long as an internal numeric type\n\n - S8144131: ArrayData.getInt implementations do not\n convert to int32\n\n - S8144483: One long Safepoint pause directly after each\n GC log rotation\n\n - S8144487: PhaseIdealLoop::build_and_optimize() must\n restore major_progress flag if skip_loop_opts is true\n\n - S8144885: agent/src/os/linux/libproc.h needs to support\n Linux/SPARC builds\n\n - S8144935: C2: safepoint is pruned from a non-counted\n loop\n\n - S8144937: [TEST_BUG] testlibrary_tests should be\n excluded for compact1 and compact2 execution\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8145099: Better error message when SA can't attach to a\n process\n\n - S8145442: Add the facility to verify remembered sets for\n G1\n\n - S8145466: javac: No line numbers in compilation error\n\n - S8145539: (coll) AbstractMap.keySet and .values should\n not be volatile\n\n - S8145550: Megamorphic invoke should use CompiledFunction\n variants without any LinkLogic\n\n - S8145669: apply2call optimized callsite fails after\n becoming megamorphic\n\n - S8145722: NullPointerException in javadoc\n\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset()\n does not match AddI\n\n - S8146147: Java linker indexed property getter does not\n work for computed nashorn string\n\n - S8146566: OpenJDK build can't handle commas in LDFLAGS\n\n - S8146725: Issues with\n SignatureAndHashAlgorithm.getSupportedAlgorithms\n\n - S8146979: Backport of 8046471 breaks ppc64 build in\n jdk8u because 8072383 was badly backported before\n\n - S8147087: Race when reusing PerRegionTable bitmaps may\n result in dropped remembered set entries\n\n - S8147630: Wrong test result pushed to 8u-dev\n\n - S8147845: Varargs Array functions still leaking longs\n\n - S8147857: RMIConnector logs attribute names incorrectly\n\n - S8148353: [linux-sparc] Crash in libawt.so on Linux\n SPARC\n\n - S8150791: 8u76 L10n resource file translation update\n\n - Import of OpenJDK 8 u101 build 13\n\n - S6483657: MSCAPI provider does not create unique alias\n names\n\n - S6675699: need comprehensive fix for unconstrained\n ConvI2L with narrowed type\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8081778: Use Intel x64 CPU instructions for RSA\n acceleration\n\n - S8130150: Implement BigInteger.montgomeryMultiply\n intrinsic\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8143913: MSCAPI keystore should accept Certificate[] in\n setEntry()\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146240: Three nashorn files contain 'GNU General\n Public License' header\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147994: [macosx] JScrollPane jitters up/down during\n trackpad scrolling on MacOS/Aqua\n\n - S8151522: Disable 8130150 and 8081778 intrinsics by\n default\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8152098: Fix 8151522 caused test\n compiler/intrinsics/squaretolen/TestSquareToLen.java to\n fail\n\n - S8157077: 8u101 L10n resource file updates\n\n - Backports\n\n - S6260348, PR3066: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6778087, PR1061: getLocationOnScreen() always returns\n (0, 0) for mouse wheel events\n\n - S6961123, PR2972: setWMClass fails to null-terminate\n WM_CLASS string\n\n - S8008657, PR3077: JSpinner setComponentOrientation\n doesn't affect on text orientation\n\n - S8014212, PR2866: Robot captures black screen\n\n - S8029339, PR1061: Custom MultiResolution image support\n on HiDPI displays\n\n - S8031145, PR3077: Re-examine closed i18n tests to see it\n they can be moved to the jdk repository.\n\n - S8034856, PR3095: gcc warnings compiling\n src/solaris/native/sun/security/pkcs11\n\n - S8034857, PR3095: gcc warnings compiling\n src/solaris/native/sun/management\n\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n\n - S8035287, PR3095: gcc warnings compiling various\n libraries files\n\n - S8038631, PR3077: Create wrapper for awt.Robot with\n additional functionality\n\n - S8039279, PR3077: Move awt tests to openjdk repository\n\n - S8041561, PR3077: Inconsistent opacity behaviour between\n JCheckBox and JRadioButton\n\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing\n tests to jdk\n\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression\n tests tree\n\n - S8043126, PR3077: move awt automated functional tests\n from AWT_Events/Lw and AWT_Events/AWT to OpenJDK\n repository\n\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and\n GC functional AWT tests to regression tree\n\n - S8044157, PR3077: [TEST_BUG] Improve recently submitted\n AWT_Mixing tests\n\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758\n and AltPlusNumberKeyCombinationsTest to jdk\n\n - S8044429, PR3077: move awt automated tests for\n AWT_Modality to OpenJDK repository\n\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time\n out\n\n - S8044765, PR3077: Move functional tests\n AWT_SystemTray/Automated to openjdk repository\n\n - S8047180, PR3077: Move functional tests\n AWT_Headless/Automated to OpenJDK repository\n\n - S8047367, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 2\n\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated\n functional tests to OpenJDK\n\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times\n out again\n\n - S8049617, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 3\n\n - S8049694, PR3077: Migrate functional\n AWT_DesktopProperties/Automated tests to OpenJDK\n\n - S8050885, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 4\n\n - S8051440, PR3077: move tests about maximizing\n undecorated to OpenJDK\n\n - S8052012, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 5\n\n - S8052408, PR3077: Move AWT_BAT functional tests to\n OpenJDK (3 of 3)\n\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related\n to undecorated Frame/JFrame to JDK\n\n - S8054143, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 6\n\n - S8054358, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 7\n\n - S8054359, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 8\n\n - S8055360, PR3077: Move the rest part of AWT\n ShapedAndTranslucent tests to OpenJDK\n\n - S8055664, PR3077: move 14 tests about\n setLocationRelativeTo to jdk\n\n - S8055836, PR3077: move awt tests from AWT_Modality to\n OpenJDK repository - part 9\n\n - S8056911, PR3077: Remove internal API usage from\n ExtendedRobot class\n\n - S8057694, PR3077: move awt tests from AWT_Modality to\n OpenJDK repository - part 10\n\n - S8058959, PR1061:\n closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe\n st/MovedResizedTwiceTest.java failed automatically\n\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n\n - S8063102, PR3077: Change open awt regression tests to\n avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063104, PR3077: Change open awt regression tests to\n avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8063106, PR3077: Change open swing regression tests to\n avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063107, PR3077: Change open swing regression tests to\n avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8064573, PR3077: [TEST_BUG]\n javax/swing/text/AbstractDocument/6968363/Test6968363.ja\n va is asocial pressing VK_LEFT and not releasing\n\n - S8064575, PR3077: [TEST_BUG]\n javax/swing/JEditorPane/6917744/bug6917744.java 100\n times press keys and never releases\n\n - S8064809, PR3077: [TEST_BUG]\n javax/swing/JComboBox/4199622/bug4199622.java contains a\n lot of keyPress and not a single keyRelease\n\n - S8067441, PR3077: Some tests fails with error: cannot\n find symbol getSystemMnemonicKeyCodes()\n\n - S8068228, PR3077: Test\n closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT\n est fails with GTKLookAndFeel\n\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform()\n does not include scale factor\n\n - S8073320, PR1061: Windows HiDPI Graphics support\n\n - S8074807, PR3077: Fix some tests unnecessary using\n internal API\n\n - S8076315, PR3077: move 4 manual functional swing tests\n to regression suite\n\n - S8078504, PR3094: Zero lacks declaration of\n VM_Version::initialize()\n\n - S8129822, PR3077: Define 'headful' jtreg keyword\n\n - S8132123, PR1061: MultiResolutionCachedImage\n unnecessarily creates base image to get its size\n\n - S8133539, PR1061: [TEST_BUG] Split\n java/awt/image/MultiResolutionImageTest.java in two to\n allow restricted access\n\n - S8137571, PR1061: Linux HiDPI Graphics support\n\n - S8142406, PR1061: [TEST] MultiResolution image: need\n test to cover the case when @2x image is corrupted\n\n - S8145188, PR2945: No LocalVariableTable generated for\n the entire JDK\n\n - S8150258, PR1061: [TEST] HiDPI: create a test for\n multiresolution menu items icons\n\n - S8150724, PR1061: [TEST] HiDPI: create a test for\n multiresolution icons\n\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale\n should be taken into account for OS X\n\n - S8151841, PR2882: Build needs additional flags to\n compile with GCC 6 [plus parts of 8149647 & 8032045]\n\n - S8155613, PR1061: [PIT] crash in\n AWT_Desktop/Automated/Exceptions/BasicTest\n\n - S8156020, PR1061: 8145547 breaks AIX and and uses\n RTLD_NOLOAD incorrectly\n\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional\n support for GTK 3 on Linux\n\n - S8158260, PR2991, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3074: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key\n headful.\n\n - S8160294, PR2882, PR3095: Some client libraries cannot\n be built with GCC 6\n\n - Bug fixes\n\n - PR1958: GTKLookAndFeel does not honor\n gtk-alternative-button-order\n\n - PR2822: Feed LIBS & CFLAGS into configure rather than\n make to avoid re-discovery by OpenJDK configure\n\n - PR2932: Support ccache in a non-automagic manner\n\n - PR2933: Support ccache 3.2 and later\n\n - PR2964: Set system defaults based on OS\n\n - PR2974, RH1337583: PKCS#10 certificate requests now use\n CRLF line endings rather than system line endings\n\n - PR3078: Remove duplicated line dating back to 6788347\n and 6894807\n\n - PR3083, RH1346460: Regression in SSL debug output\n without an ECC provider\n\n - PR3089: Remove old memory limits patch\n\n - PR3090, RH1204159: SystemTap is heavily confused by\n multiple JDKs\n\n - PR3095: Fix warnings in URLClassPath.c\n\n - PR3096: Remove dead --disable-optimizations option\n\n - PR3105: Use version from hotspot.map to create tarball\n filename\n\n - PR3106: Handle both correctly-spelt property\n 'enableCustomValueHandler' introduced by S8079718 and\n typo version\n\n - PR3108: Shenandoah patches not included in release\n tarball\n\n - PR3110: Update hotspot.map documentation in INSTALL\n\n - AArch64 port\n\n - S8145320, PR3078: Create unsafe_arraycopy and\n generic_arraycopy for AArch64\n\n - S8148328, PR3078: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3078: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3078: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8149080, PR3078: AArch64: Recognise disjoint array copy\n in stub code\n\n - S8149365, PR3078: aarch64: memory copy does not prefetch\n on backwards copy\n\n - S8149907, PR3078: aarch64: use load/store pair\n instructions in call_stub\n\n - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when\n comparing narrow pointer with zero\n\n - S8150045, PR3078: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8150082, PR3078: aarch64: optimise small array copy\n\n - S8150229, PR3078: aarch64: pipeline class for several\n instructions is not set correctly\n\n - S8150313, PR3078: aarch64: optimise array copy using\n SIMD instructions\n\n - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS\n instructions\n\n - S8151340, PR3078: aarch64: prefetch the destination word\n for write prior to ldxr/stxr loops.\n\n - S8151502, PR3078: optimize pd_disjoint_words and\n pd_conjoint_words\n\n - S8151775, PR3078: aarch64: add support for 8.1 LSE\n atomic operations\n\n - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when\n comparing unsigned values with zero.\n\n - S8152840, PR3078: aarch64: improve _unsafe_arraycopy\n stub routine\n\n - S8153713, PR3078: aarch64: improve short array clearing\n using store pair\n\n - S8153797, PR3078: aarch64: Add Arrays.fill stub code\n\n - S8154537, PR3078: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8155015, PR3078: Aarch64: bad assert in spill\n generation code\n\n - S8155100, PR3078: AArch64: Relax alignment requirement\n for byte_map_base\n\n - S8155612, PR3078: Aarch64: vector nodes need to support\n misaligned offset\n\n - S8155617, PR3078: aarch64: ClearArray does not use DC\n ZVA\n\n - S8155653, PR3078: TestVectorUnalignedOffset.java not\n pushed with 8155612\n\n - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java\n fails due to _generic_arraycopy stub routine\n\n - S8157841, PR3078: aarch64: prefetch ignores cache line\n size\n\n - S8157906, PR3078: aarch64: some more integer rotate\n instructions are never emitted\n\n - S8158913, PR3078: aarch64: SEGV running Spark terasort\n\n - S8159052, PR3078: aarch64: optimise unaligned copies in\n pd_disjoint_words and pd_conjoint_words\n\n - S8159063, PR3078: aarch64: optimise unaligned array copy\n long\n\n - PR3078: Cleanup remaining differences from aarch64/jdk8u\n tree\n\n - Fix script linking /usr/share/javazi/tzdb.dat for\n platform where it applies (bsc#987895)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\n avoid some crashes\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.101-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_8_0-openjdk-src-1.8.0.101-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-25T15:03:09", "description": "This update for java-1_8_0-openjdk fixes the following issues :\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n\n - New in release 3.1.0 (2016-07-25) :\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)\n\n - S8146514: Enforce GCM limits\n\n - S8147771: Construction of static protection domains under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149070: Enforce update ordering\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8153312: Constrain AppCDS behavior\n\n - S8154475, CVE-2016-3587: Clean up lookup visibility (bsc#989721)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)\n\n - CVE-2016-3552 (bsc#989726)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - New features\n\n - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux\n\n - PR2821: Support building OpenJDK with --disable-headful\n\n - PR2931, G478960: Provide Infinality Support via fontconfig\n\n - PR3079: Provide option to build Shenandoah on x86_64\n\n - Import of OpenJDK 8 u92 build 14\n\n - S6869327: Add new C2 flag to keep safepoints in counted loops.\n\n - S8022865: [TESTBUG] Compressed Oops testing needs to be revised\n\n - S8029630: Thread id should be displayed as a hex number in error report\n\n - S8029726: On OS X some dtrace probe names are mismatched with Solaris\n\n - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired.\n\n - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired\n\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String\n\n - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits\n\n - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header\n\n - S8041900: [macosx] Java forces the use of discrete GPU\n\n - S8044363: Remove special build options for unpack200 executable\n\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH\n\n - S8046611: Build errors with gcc on sparc/fastdebug\n\n - S8047763: Recognize sparc64 as a sparc platform\n\n - S8048232: Fix for 8046471 breaks PPC64 build\n\n - S8052396: Catch exceptions resulting from missing font cmap\n\n - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries\n\n - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded\n\n - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator\n\n - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled\n\n - S8065579: WB method to start G1 concurrent mark cycle should be introduced\n\n - S8065986: Compiler fails to NullPointerException when calling super with Object()\n\n - S8066974: Compiler doesn't infer method's generic type information in lambda body\n\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years\n\n - S8068033: JNI exception pending in jdk/src/share/bin/java.c\n\n - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending\n\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found\n\n - S8068254: Method reference uses wrong qualifying type\n\n - S8074696: Remote debugging session hangs for several minutes when calling findBootType\n\n - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did\n\n - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale\n\n - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/\n\n - S8080650: Enable stubs to use frame pointers correctly\n\n - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure\n\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n\n - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2\n\n - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter\n\n - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions\n\n - S8131129: Attempt to define a duplicate BMH$Species class\n\n - S8131665: Bad exception message in HandshakeHash.getFinishedHash\n\n - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final\n\n - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X\n\n - S8133207: ParallelProbes.java test fails after changes for JDK-8080115\n\n - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518\n\n - S8134007: Improve string folding\n\n - S8134759: jdb: Incorrect stepping inside finally block\n\n - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set\n\n - S8136442: Don't tie Certificate signature algorithms to ciphersuites\n\n - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+\n\n - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot\n\n - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization\n\n - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout\n\n - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true ></true> shClosure>\n\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n\n - S8139751: Javac crash with -XDallowStringFolding=false\n\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev\n\n - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof\n\n - S8140031: SA: Searching for a value in Threads does not work\n\n - S8140249: JVM Crashing During startUp If Flight Recording is enabled\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check\n\n - S8141260: isReachable crash in windows xp\n\n - S8143297: Nashorn compilation time reported in nanoseconds\n\n - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly\n\n - S8143855: Bad printf formatting in frame_zero.cpp\n\n - S8143896: java.lang.Long is implicitly converted to double\n\n - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg\n\n - S8144020: Remove long as an internal numeric type\n\n - S8144131: ArrayData.getInt implementations do not convert to int32\n\n - S8144483: One long Safepoint pause directly after each GC log rotation\n\n - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true\n\n - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds\n\n - S8144935: C2: safepoint is pruned from a non-counted loop\n\n - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution\n\n - S8145017: Add support for 3 digit hotspot minor version numbers\n\n - S8145099: Better error message when SA can't attach to a process\n\n - S8145442: Add the facility to verify remembered sets for G1\n\n - S8145466: javac: No line numbers in compilation error\n\n - S8145539: (coll) AbstractMap.keySet and .values should not be volatile\n\n - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic\n\n - S8145669: apply2call optimized callsite fails after becoming megamorphic\n\n - S8145722: NullPointerException in javadoc\n\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI\n\n - S8146147: Java linker indexed property getter does not work for computed nashorn string\n\n - S8146566: OpenJDK build can't handle commas in LDFLAGS\n\n - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms\n\n - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before\n\n - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries\n\n - S8147630: Wrong test result pushed to 8u-dev\n\n - S8147845: Varargs Array functions still leaking longs\n\n - S8147857: RMIConnector logs attribute names incorrectly\n\n - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC\n\n - S8150791: 8u76 L10n resource file translation update\n\n - Import of OpenJDK 8 u101 build 13\n\n - S6483657: MSCAPI provider does not create unique alias names\n\n - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying timestamp hash algorithm\n\n - S8081778: Use Intel x64 CPU instructions for RSA acceleration\n\n - S8130150: Implement BigInteger.montgomeryMultiply intrinsic\n\n - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts\n\n - S8143913: MSCAPI keystore should accept Certificate[] in setEntry()\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146240: Three nashorn files contain 'GNU General Public License' header\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811\n\n - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua\n\n - S8151522: Disable 8130150 and 8081778 intrinsics by default\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail\n\n - S8157077: 8u101 L10n resource file updates\n\n - Backports\n\n - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate\n\n - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events\n\n - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string\n\n - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation\n\n - S8014212, PR2866: Robot captures black screen\n\n - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays\n\n - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository.\n\n - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11\n\n - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management\n\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n\n - S8035287, PR3095: gcc warnings compiling various libraries files\n\n - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality\n\n - S8039279, PR3077: Move awt tests to openjdk repository\n\n - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton\n\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk\n\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree\n\n - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository\n\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree\n\n - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests\n\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk\n\n - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository\n\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out\n\n - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository\n\n - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository\n\n - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2\n\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK\n\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again\n\n - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3\n\n - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK\n\n - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4\n\n - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK\n\n - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5\n\n - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3)\n\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK\n\n - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6\n\n - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7\n\n - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8\n\n - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK\n\n - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk\n\n - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9\n\n - S8056911, PR3077: Remove internal API usage from ExtendedRobot class\n\n - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10\n\n - S8058959, PR1061:\n closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe st/MovedResizedTwic eTest.java failed automatically\n\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n\n - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.ja va is asocial pressing VK_LEFT and not releasing\n\n - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases\n\n - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease\n\n - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()\n\n - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT est fails with GTKLookAndFeel\n\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor\n\n - S8073320, PR1061: Windows HiDPI Graphics support\n\n - S8074807, PR3077: Fix some tests unnecessary using internal API\n\n - S8076315, PR3077: move 4 manual functional swing tests to regression suite\n\n - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize()\n\n - S8129822, PR3077: Define 'headful' jtreg keyword\n\n - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size\n\n - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access\n\n - S8137571, PR1061: Linux HiDPI Graphics support\n\n - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted\n\n - S8145188, PR2945: No LocalVariableTable generated for the entire JDK\n\n - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons\n\n - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons\n\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X\n\n - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045]\n\n - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest\n\n - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly\n\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux\n\n - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651)\n\n - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape\n\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful.\n\n - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6\n\n - Bug fixes\n\n - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order\n\n - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure\n\n - PR2932: Support ccache in a non-automagic manner\n\n - PR2933: Support ccache 3.2 and later\n\n - PR2964: Set system defaults based on OS\n\n - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings\n\n - PR3078: Remove duplicated line dating back to 6788347 and 6894807\n\n - PR3083, RH1346460: Regression in SSL debug output without an ECC provider\n\n - PR3089: Remove old memory limits patch\n\n - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs\n\n - PR3095: Fix warnings in URLClassPath.c\n\n - PR3096: Remove dead --disable-optimizations option\n\n - PR3105: Use version from hotspot.map to create tarball filename\n\n - PR3106: Handle both correctly-spelt property 'enableCustomValueHandler' introduced by S8079718 and typo version\n\n - PR3108: Shenandoah patches not included in release tarball\n\n - PR3110: Update hotspot.map documentation in INSTALL\n\n - AArch64 port\n\n - S8145320, PR3078: Create unsafe_arraycopy and generic_arraycopy for AArch64\n\n - S8148328, PR3078: aarch64: redundant lsr instructions in stub code.\n\n - S8148783, PR3078: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3078: aarch64: generate_copy_longs calls align() incorrectly\n\n - S8149080, PR3078: AArch64: Recognise disjoint array copy in stub code\n\n - S8149365, PR3078: aarch64: memory copy does not prefetch on backwards copy\n\n - S8149907, PR3078: aarch64: use load/store pair instructions in call_stub\n\n - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when comparing narrow pointer with zero\n\n - S8150045, PR3078: arraycopy causes segfaults in SATB during garbage collection\n\n - S8150082, PR3078: aarch64: optimise small array copy\n\n - S8150229, PR3078: aarch64: pipeline class for several instructions is not set correctly\n\n - S8150313, PR3078: aarch64: optimise array copy using SIMD instructions\n\n - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS instructions\n\n - S8151340, PR3078: aarch64: prefetch the destination word for write prior to ldxr/stxr loops.\n\n - S8151502, PR3078: optimize pd_disjoint_words and pd_conjoint_words\n\n - S8151775, PR3078: aarch64: add support for 8.1 LSE atomic operations\n\n - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when comparing unsigned values with zero.\n\n - S8152840, PR3078: aarch64: improve _unsafe_arraycopy stub routine\n\n - S8153713, PR3078: aarch64: improve short array clearing using store pair\n\n - S8153797, PR3078: aarch64: Add Arrays.fill stub code\n\n - S8154537, PR3078: AArch64: some integer rotate instructions are never emitted\n\n - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess loads in wrong mode\n\n - S8155015, PR3078: Aarch64: bad assert in spill generation code\n\n - S8155100, PR3078: AArch64: Relax alignment requirement for byte_map_base\n\n - S8155612, PR3078: Aarch64: vector nodes need to support misaligned offset\n\n - S8155617, PR3078: aarch64: ClearArray does not use DC ZVA\n\n - S8155653, PR3078: TestVectorUnalignedOffset.java not pushed with 8155612\n\n - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java fails due to _generic_arraycopy stub routine\n\n - S8157841, PR3078: aarch64: prefetch ignores cache line size\n\n - S8157906, PR3078: aarch64: some more integer rotate instructions are never emitted\n\n - S8158913, PR3078: aarch64: SEGV running Spark terasort\n\n - S8159052, PR3078: aarch64: optimise unaligned copies in pd_disjoint_words and pd_conjoint_words\n\n - S8159063, PR3078: aarch64: optimise unaligned array copy long\n\n - PR3078: Cleanup remaining differences from aarch64/jdk8u tree\n\n - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (bsc#987895)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684) avoid some crashes</username></type></type>\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2012-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93281", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2012-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93281);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3552\", \"CVE-2016-3587\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-openjdk fixes the following issues :\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n\n - New in release 3.1.0 (2016-07-25) :\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8146514: Enforce GCM limits\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149070: Enforce update ordering\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8153312: Constrain AppCDS behavior\n\n - S8154475, CVE-2016-3587: Clean up lookup visibility\n (bsc#989721)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3552 (bsc#989726)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - New features\n\n - S8145547, PR1061: [AWT/Swing] Conditional support for\n GTK 3 on Linux\n\n - PR2821: Support building OpenJDK with --disable-headful\n\n - PR2931, G478960: Provide Infinality Support via\n fontconfig\n\n - PR3079: Provide option to build Shenandoah on x86_64\n\n - Import of OpenJDK 8 u92 build 14\n\n - S6869327: Add new C2 flag to keep safepoints in counted\n loops.\n\n - S8022865: [TESTBUG] Compressed Oops testing needs to be\n revised\n\n - S8029630: Thread id should be displayed as a hex number\n in error report\n\n - S8029726: On OS X some dtrace probe names are mismatched\n with Solaris\n\n - S8029727: On OS X dtrace probes\n Call<type>MethodA/Call<type>MethodV are not fired.\n\n - S8029728: On OS X dtrace probes SetStaticBooleanField\n are not fired\n\n - S8038184: XMLSignature throws\n StringIndexOutOfBoundsException if ID attribute value is\n empty String\n\n - S8038349: Signing XML with DSA throws Exception when key\n is larger than 1024 bits\n\n - S8041501: ImageIO reader is not capable of reading JPEGs\n without JFIF header\n\n - S8041900: [macosx] Java forces the use of discrete GPU\n\n - S8044363: Remove special build options for unpack200\n executable\n\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy\n value for hotspot ARCH\n\n - S8046611: Build errors with gcc on sparc/fastdebug\n\n - S8047763: Recognize sparc64 as a sparc platform\n\n - S8048232: Fix for 8046471 breaks PPC64 build\n\n - S8052396: Catch exceptions resulting from missing font\n cmap\n\n - S8058563: InstanceKlass::_dependencies list isn't\n cleared from empty nmethodBucket entries\n\n - S8061624: [TESTBUG] Some tests cannot be ran under\n compact profiles and therefore shall be excluded\n\n - S8062901: Iterators is spelled incorrectly in the\n Javadoc for Spliterator\n\n - S8064330: Remove SHA224 from the default support list if\n SunMSCAPI enabled\n\n - S8065579: WB method to start G1 concurrent mark cycle\n should be introduced\n\n - S8065986: Compiler fails to NullPointerException when\n calling super with Object()\n\n - S8066974: Compiler doesn't infer method's generic type\n information in lambda body\n\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear\n for out of range years\n\n - S8068033: JNI exception pending in\n jdk/src/share/bin/java.c\n\n - S8068042: Check\n jdk/src/share/native/sun/misc/URLClassPath.c for JNI\n pending\n\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false)\n failed: OLD and/or OBSOLETE method(s) found\n\n - S8068254: Method reference uses wrong qualifying type\n\n - S8074696: Remote debugging session hangs for several\n minutes when calling findBootType\n\n - S8074935: jdk8 keytool doesn't validate pem files for\n RFC 1421 correctness, as jdk7 did\n\n - S8078423: [TESTBUG]\n javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on\n system locale\n\n - S8080492: [Parfait] Uninitialised variable in\n jdk/src/java/desktop/windows/native/libawt/\n\n - S8080650: Enable stubs to use frame pointers correctly\n\n - S8122944: perfdata used is seen as too high on sparc\n zone with jdk1.9 and causes a test failure\n\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n\n - S8129847: Compiling methods generated by Nashorn\n triggers high memory usage in C2\n\n - S8130506: javac AssertionError when invoking\n MethodHandle.invoke with lambda parameter\n\n - S8130910: hsperfdata file is created in wrong directory\n and not cleaned up if /tmp/hsperfdata_<username> has\n wrong permissions\n\n - S8131129: Attempt to define a duplicate BMH$Species\n class\n\n - S8131665: Bad exception message in\n HandshakeHash.getFinishedHash\n\n - S8131782: C1 Class.cast optimization breaks when Class\n is loaded from static final\n\n - S8132503: [macosx] Chinese full stop symbol cannot be\n entered with Pinyin IM on OS X\n\n - S8133207: ParallelProbes.java test fails after changes\n for JDK-8080115\n\n - S8133924: NPE may be thrown when xsltc select a\n non-existing node after JDK-8062518\n\n - S8134007: Improve string folding\n\n - S8134759: jdb: Incorrect stepping inside finally block\n\n - S8134963: [Newtest] New stress test for changing the\n coarseness level of G1 remembered set\n\n - S8136442: Don't tie Certificate signature algorithms to\n ciphersuites\n\n - S8137106: EUDC (End User Defined Characters) are not\n displayed on Windows with Java 8u60+\n\n - S8138745: Implement ExitOnOutOfMemory and\n CrashOnOutOfMemory in HotSpot\n\n - S8138764: In some cases the usage of TreeLock can be\n replaced by other synchronization\n\n - S8139373: [TEST_BUG]\n java/net/MulticastSocket/MultiDead.java failed with\n timeout\n\n - S8139424: SIGSEGV, Problematic frame: # V\n [libjvm.so+0xd0c0cc] void\n InstanceKlass::oop_oop_iterate_oop_maps_specialized<true\n ></true> shClosure>\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8139751: Javac crash with -XDallowStringFolding=false\n\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903\n to 8u-dev\n\n - S8139985: JNI exception pending in\n jdk/src/jdk/hprof/agent/share/native/libhprof\n\n - S8140031: SA: Searching for a value in Threads does not\n work\n\n - S8140249: JVM Crashing During startUp If Flight\n Recording is enabled\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8140587: Atomic*FieldUpdaters should use\n Class.isInstance instead of direct class check\n\n - S8141260: isReachable crash in windows xp\n\n - S8143297: Nashorn compilation time reported in\n nanoseconds\n\n - S8143397: It looks like InetAddress.isReachable(timeout)\n works incorrectly\n\n - S8143855: Bad printf formatting in frame_zero.cpp\n\n - S8143896: java.lang.Long is implicitly converted to\n double\n\n - S8143963: improve ClassLoader::trace_class_path to\n accept an additional outputStream* arg\n\n - S8144020: Remove long as an internal numeric type\n\n - S8144131: ArrayData.getInt implementations do not\n convert to int32\n\n - S8144483: One long Safepoint pause directly after each\n GC log rotation\n\n - S8144487: PhaseIdealLoop::build_and_optimize() must\n restore major_progress flag if skip_loop_opts is true\n\n - S8144885: agent/src/os/linux/libproc.h needs to support\n Linux/SPARC builds\n\n - S8144935: C2: safepoint is pruned from a non-counted\n loop\n\n - S8144937: [TEST_BUG] testlibrary_tests should be\n excluded for compact1 and compact2 execution\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8145099: Better error message when SA can't attach to a\n process\n\n - S8145442: Add the facility to verify remembered sets for\n G1\n\n - S8145466: javac: No line numbers in compilation error\n\n - S8145539: (coll) AbstractMap.keySet and .values should\n not be volatile\n\n - S8145550: Megamorphic invoke should use CompiledFunction\n variants without any LinkLogic\n\n - S8145669: apply2call optimized callsite fails after\n becoming megamorphic\n\n - S8145722: NullPointerException in javadoc\n\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset()\n does not match AddI\n\n - S8146147: Java linker indexed property getter does not\n work for computed nashorn string\n\n - S8146566: OpenJDK build can't handle commas in LDFLAGS\n\n - S8146725: Issues with\n SignatureAndHashAlgorithm.getSupportedAlgorithms\n\n - S8146979: Backport of 8046471 breaks ppc64 build in\n jdk8u because 8072383 was badly backported before\n\n - S8147087: Race when reusing PerRegionTable bitmaps may\n result in dropped remembered set entries\n\n - S8147630: Wrong test result pushed to 8u-dev\n\n - S8147845: Varargs Array functions still leaking longs\n\n - S8147857: RMIConnector logs attribute names incorrectly\n\n - S8148353: [linux-sparc] Crash in libawt.so on Linux\n SPARC\n\n - S8150791: 8u76 L10n resource file translation update\n\n - Import of OpenJDK 8 u101 build 13\n\n - S6483657: MSCAPI provider does not create unique alias\n names\n\n - S6675699: need comprehensive fix for unconstrained\n ConvI2L with narrowed type\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8081778: Use Intel x64 CPU instructions for RSA\n acceleration\n\n - S8130150: Implement BigInteger.montgomeryMultiply\n intrinsic\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8143913: MSCAPI keystore should accept Certificate[] in\n setEntry()\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146240: Three nashorn files contain 'GNU General\n Public License' header\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147994: [macosx] JScrollPane jitters up/down during\n trackpad scrolling on MacOS/Aqua\n\n - S8151522: Disable 8130150 and 8081778 intrinsics by\n default\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8152098: Fix 8151522 caused test\n compiler/intrinsics/squaretolen/TestSquareToLen.java to\n fail\n\n - S8157077: 8u101 L10n resource file updates\n\n - Backports\n\n - S6260348, PR3066: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6778087, PR1061: getLocationOnScreen() always returns\n (0, 0) for mouse wheel events\n\n - S6961123, PR2972: setWMClass fails to null-terminate\n WM_CLASS string\n\n - S8008657, PR3077: JSpinner setComponentOrientation\n doesn't affect on text orientation\n\n - S8014212, PR2866: Robot captures black screen\n\n - S8029339, PR1061: Custom MultiResolution image support\n on HiDPI displays\n\n - S8031145, PR3077: Re-examine closed i18n tests to see it\n they can be moved to the jdk repository.\n\n - S8034856, PR3095: gcc warnings compiling\n src/solaris/native/sun/security/pkcs11\n\n - S8034857, PR3095: gcc warnings compiling\n src/solaris/native/sun/management\n\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n\n - S8035287, PR3095: gcc warnings compiling various\n libraries files\n\n - S8038631, PR3077: Create wrapper for awt.Robot with\n additional functionality\n\n - S8039279, PR3077: Move awt tests to openjdk repository\n\n - S8041561, PR3077: Inconsistent opacity behaviour between\n JCheckBox and JRadioButton\n\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing\n tests to jdk\n\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression\n tests tree\n\n - S8043126, PR3077: move awt automated functional tests\n from AWT_Events/Lw and AWT_Events/AWT to OpenJDK\n repository\n\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and\n GC functional AWT tests to regression tree\n\n - S8044157, PR3077: [TEST_BUG] Improve recently submitted\n AWT_Mixing tests\n\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758\n and AltPlusNumberKeyCombinationsTest to jdk\n\n - S8044429, PR3077: move awt automated tests for\n AWT_Modality to OpenJDK repository\n\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time\n out\n\n - S8044765, PR3077: Move functional tests\n AWT_SystemTray/Automated to openjdk repository\n\n - S8047180, PR3077: Move functional tests\n AWT_Headless/Automated to OpenJDK repository\n\n - S8047367, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 2\n\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated\n functional tests to OpenJDK\n\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times\n out again\n\n - S8049617, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 3\n\n - S8049694, PR3077: Migrate functional\n AWT_DesktopProperties/Automated tests to OpenJDK\n\n - S8050885, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 4\n\n - S8051440, PR3077: move tests about maximizing\n undecorated to OpenJDK\n\n - S8052012, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 5\n\n - S8052408, PR3077: Move AWT_BAT functional tests to\n OpenJDK (3 of 3)\n\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related\n to undecorated Frame/JFrame to JDK\n\n - S8054143, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 6\n\n - S8054358, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 7\n\n - S8054359, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 8\n\n - S8055360, PR3077: Move the rest part of AWT\n ShapedAndTranslucent tests to OpenJDK\n\n - S8055664, PR3077: move 14 tests about\n setLocationRelativeTo to jdk\n\n - S8055836, PR3077: move awt tests from AWT_Modality to\n OpenJDK repository - part 9\n\n - S8056911, PR3077: Remove internal API usage from\n ExtendedRobot class\n\n - S8057694, PR3077: move awt tests from AWT_Modality to\n OpenJDK repository - part 10\n\n - S8058959, PR1061:\n closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe\n st/MovedResizedTwic eTest.java failed automatically\n\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n\n - S8063102, PR3077: Change open awt regression tests to\n avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063104, PR3077: Change open awt regression tests to\n avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8063106, PR3077: Change open swing regression tests to\n avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063107, PR3077: Change open swing regression tests to\n avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8064573, PR3077: [TEST_BUG]\n javax/swing/text/AbstractDocument/6968363/Test6968363.ja\n va is asocial pressing VK_LEFT and not releasing\n\n - S8064575, PR3077: [TEST_BUG]\n javax/swing/JEditorPane/6917744/bug6917744.java 100\n times press keys and never releases\n\n - S8064809, PR3077: [TEST_BUG]\n javax/swing/JComboBox/4199622/bug4199622.java contains a\n lot of keyPress and not a single keyRelease\n\n - S8067441, PR3077: Some tests fails with error: cannot\n find symbol getSystemMnemonicKeyCodes()\n\n - S8068228, PR3077: Test\n closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT\n est fails with GTKLookAndFeel\n\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform()\n does not include scale factor\n\n - S8073320, PR1061: Windows HiDPI Graphics support\n\n - S8074807, PR3077: Fix some tests unnecessary using\n internal API\n\n - S8076315, PR3077: move 4 manual functional swing tests\n to regression suite\n\n - S8078504, PR3094: Zero lacks declaration of\n VM_Version::initialize()\n\n - S8129822, PR3077: Define 'headful' jtreg keyword\n\n - S8132123, PR1061: MultiResolutionCachedImage\n unnecessarily creates base image to get its size\n\n - S8133539, PR1061: [TEST_BUG] Split\n java/awt/image/MultiResolutionImageTest.java in two to\n allow restricted access\n\n - S8137571, PR1061: Linux HiDPI Graphics support\n\n - S8142406, PR1061: [TEST] MultiResolution image: need\n test to cover the case when @2x image is corrupted\n\n - S8145188, PR2945: No LocalVariableTable generated for\n the entire JDK\n\n - S8150258, PR1061: [TEST] HiDPI: create a test for\n multiresolution menu items icons\n\n - S8150724, PR1061: [TEST] HiDPI: create a test for\n multiresolution icons\n\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale\n should be taken into account for OS X\n\n - S8151841, PR2882: Build needs additional flags to\n compile with GCC 6 [plus parts of 8149647 & 8032045]\n\n - S8155613, PR1061: [PIT] crash in\n AWT_Desktop/Automated/Exceptions/BasicTest\n\n - S8156020, PR1061: 8145547 breaks AIX and and uses\n RTLD_NOLOAD incorrectly\n\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional\n support for GTK 3 on Linux\n\n - S8158260, PR2991, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3074: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key\n headful.\n\n - S8160294, PR2882, PR3095: Some client libraries cannot\n be built with GCC 6\n\n - Bug fixes\n\n - PR1958: GTKLookAndFeel does not honor\n gtk-alternative-button-order\n\n - PR2822: Feed LIBS & CFLAGS into configure rather than\n make to avoid re-discovery by OpenJDK configure\n\n - PR2932: Support ccache in a non-automagic manner\n\n - PR2933: Support ccache 3.2 and later\n\n - PR2964: Set system defaults based on OS\n\n - PR2974, RH1337583: PKCS#10 certificate requests now use\n CRLF line endings rather than system line endings\n\n - PR3078: Remove duplicated line dating back to 6788347\n and 6894807\n\n - PR3083, RH1346460: Regression in SSL debug output\n without an ECC provider\n\n - PR3089: Remove old memory limits patch\n\n - PR3090, RH1204159: SystemTap is heavily confused by\n multiple JDKs\n\n - PR3095: Fix warnings in URLClassPath.c\n\n - PR3096: Remove dead --disable-optimizations option\n\n - PR3105: Use version from hotspot.map to create tarball\n filename\n\n - PR3106: Handle both correctly-spelt property\n 'enableCustomValueHandler' introduced by S8079718 and\n typo version\n\n - PR3108: Shenandoah patches not included in release\n tarball\n\n - PR3110: Update hotspot.map documentation in INSTALL\n\n - AArch64 port\n\n - S8145320, PR3078: Create unsafe_arraycopy and\n generic_arraycopy for AArch64\n\n - S8148328, PR3078: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3078: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3078: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8149080, PR3078: AArch64: Recognise disjoint array copy\n in stub code\n\n - S8149365, PR3078: aarch64: memory copy does not prefetch\n on backwards copy\n\n - S8149907, PR3078: aarch64: use load/store pair\n instructions in call_stub\n\n - S8150038, PR3078: aarch64: make use of CBZ and CBNZ when\n comparing narrow pointer with zero\n\n - S8150045, PR3078: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8150082, PR3078: aarch64: optimise small array copy\n\n - S8150229, PR3078: aarch64: pipeline class for several\n instructions is not set correctly\n\n - S8150313, PR3078: aarch64: optimise array copy using\n SIMD instructions\n\n - S8150394, PR3078: aarch64: add support for 8.1 LSE CAS\n instructions\n\n - S8151340, PR3078: aarch64: prefetch the destination word\n for write prior to ldxr/stxr loops.\n\n - S8151502, PR3078: optimize pd_disjoint_words and\n pd_conjoint_words\n\n - S8151775, PR3078: aarch64: add support for 8.1 LSE\n atomic operations\n\n - S8152537, PR3078: aarch64: Make use of CBZ and CBNZ when\n comparing unsigned values with zero.\n\n - S8152840, PR3078: aarch64: improve _unsafe_arraycopy\n stub routine\n\n - S8153713, PR3078: aarch64: improve short array clearing\n using store pair\n\n - S8153797, PR3078: aarch64: Add Arrays.fill stub code\n\n - S8154537, PR3078: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3078: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8155015, PR3078: Aarch64: bad assert in spill\n generation code\n\n - S8155100, PR3078: AArch64: Relax alignment requirement\n for byte_map_base\n\n - S8155612, PR3078: Aarch64: vector nodes need to support\n misaligned offset\n\n - S8155617, PR3078: aarch64: ClearArray does not use DC\n ZVA\n\n - S8155653, PR3078: TestVectorUnalignedOffset.java not\n pushed with 8155612\n\n - S8156731, PR3078: aarch64: java/util/Arrays/Correct.java\n fails due to _generic_arraycopy stub routine\n\n - S8157841, PR3078: aarch64: prefetch ignores cache line\n size\n\n - S8157906, PR3078: aarch64: some more integer rotate\n instructions are never emitted\n\n - S8158913, PR3078: aarch64: SEGV running Spark terasort\n\n - S8159052, PR3078: aarch64: optimise unaligned copies in\n pd_disjoint_words and pd_conjoint_words\n\n - S8159063, PR3078: aarch64: optimise unaligned array copy\n long\n\n - PR3078: Cleanup remaining differences from aarch64/jdk8u\n tree\n\n - Fix script linking /usr/share/javazi/tzdb.dat for\n platform where it applies (bsc#987895)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n avoid some crashes</username></type></type>\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3498/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3508/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3587/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3610/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162012-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ae51c3f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1187=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1187=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.101-14.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-14.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-26T15:35:08", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 101, 7 Update 111, or 6 Update 121. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the CORBA subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458)\n\n - An unspecified flaw exists in the Networking subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485)\n\n - An unspecified flaw exists in the JavaFX subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498)\n\n - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500)\n\n - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503)\n\n - An unspecified flaw exists in the JAXP subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3508)\n\n - An unspecified flaw exists in the Deployment subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511)\n\n - An unspecified flaw exists in the Hotspot subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information.\n (CVE-2016-3550)\n\n - An unspecified flaw exists in the Install subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3552)\n\n - A flaw exists in the Hotspot subcomponent due to improper access to the MethodHandle::invokeBasic() function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587)\n\n - A flaw exists in the Libraries subcomponent within the MethodHandles::dropArguments() function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598)\n\n - A flaw exists in the Hotspot subcomponent within the ClassVerifier::ends_in_athrow() function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code.\n (CVE-2016-3606)\n\n - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "nessus", "title": "Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_JUL_2016_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/92517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92517);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-3458\",\n \"CVE-2016-3485\",\n \"CVE-2016-3498\",\n \"CVE-2016-3500\",\n \"CVE-2016-3503\",\n \"CVE-2016-3508\",\n \"CVE-2016-3511\",\n \"CVE-2016-3550\",\n \"CVE-2016-3552\",\n \"CVE-2016-3587\",\n \"CVE-2016-3598\",\n \"CVE-2016-3606\",\n \"CVE-2016-3610\"\n );\n script_bugtraq_id(\n 91904,\n 91912,\n 91918,\n 91930,\n 91945,\n 91951,\n 91956,\n 91962,\n 91972,\n 91990,\n 91996,\n 92000,\n 92006\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a programming platform that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 101, 7 Update 111,\nor 6 Update 121. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified flaw exists in the CORBA subcomponent\n that allows an unauthenticated, remote attacker to\n impact integrity. (CVE-2016-3458)\n\n - An unspecified flaw exists in the Networking\n subcomponent that allows a local attacker to impact\n integrity. (CVE-2016-3485)\n\n - An unspecified flaw exists in the JavaFX subcomponent\n that allows an unauthenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3498)\n\n - An unspecified flaw exists in the JAXP subcomponent that\n allows an unauthenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3500)\n\n - An unspecified flaw exists in the Install subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3503)\n\n - An unspecified flaw exists in the JAXP subcomponent that\n allows an unauthenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3508)\n\n - An unspecified flaw exists in the Deployment\n subcomponent that allows a local attacker to gain\n elevated privileges. (CVE-2016-3511)\n\n - An unspecified flaw exists in the Hotspot subcomponent\n that allows an unauthenticated, remote attacker to\n disclose potentially sensitive information.\n (CVE-2016-3550)\n\n - An unspecified flaw exists in the Install subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3552)\n\n - A flaw exists in the Hotspot subcomponent due to\n improper access to the MethodHandle::invokeBasic()\n function. An unauthenticated, remote attacker can\n exploit this to execute arbitrary code. (CVE-2016-3587)\n\n - A flaw exists in the Libraries subcomponent within the\n MethodHandles::dropArguments() function that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-3598)\n\n - A flaw exists in the Hotspot subcomponent within the\n ClassVerifier::ends_in_athrow() function when handling\n bytecode verification. An unauthenticated, remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2016-3606)\n\n - An unspecified flaw exists in the Libraries subcomponent\n that allows an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2016-3610)\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e71b6836\");\n # http://www.oracle.com/technetwork/java/javase/8u101-relnotes-3021761.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92867054\");\n # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_111\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6adbf356\");\n # https://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_121\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81636e81\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 8 Update 101 / 7 Update 111 / 6 Update\n121 or later. If necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 6 Update 95 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3610\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n # Fixes : (JDK|JRE) 8 Update 101 / 7 Update 111 / 6 Update 121\n if (\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-9][0-9]|1[01][0-9]|120)([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-9][0-9]|10[0-9]|110)([^0-9]|$)' ||\n ver =~ '^1\\\\.8\\\\.0_([0-9]|[0-9][0-9]|100)([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_121 / 1.7.0_111 / 1.8.0_101\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installations on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-25T15:02:09", "description": "This update for java-1_8_0-openjdk fixes the following issues :\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n\n - New in release 3.1.0 (2016-07-25) :\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (boo#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (boo#989734)\n\n - S8146514: Enforce GCM limits\n\n - S8147771: Construction of static protection domains under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (boo#989730)\n\n - S8149070: Enforce update ordering\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing (boo#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (boo#989733)\n\n - S8153312: Constrain AppCDS behavior\n\n - S8154475, CVE-2016-3587: Clean up lookup visibility (boo#989721)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (boo#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (boo#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation (boo#989725)\n\n - CVE-2016-3552 (boo#989726)\n\n - CVE-2016-3511 (boo#989727)\n\n - CVE-2016-3503 (boo#989728)\n\n - CVE-2016-3498 (boo#989729)\n\n - New features\n\n - S8145547, PR1061: [AWT/Swing] Conditional support for GTK 3 on Linux\n\n - PR2821: Support building OpenJDK with --disable-headful\n\n - PR2931, G478960: Provide Infinality Support via fontconfig\n\n - PR3079: Provide option to build Shenandoah on x86_64\n\n - Import of OpenJDK 8 u92 build 14\n\n - S6869327: Add new C2 flag to keep safepoints in counted loops.\n\n - S8022865: [TESTBUG] Compressed Oops testing needs to be revised\n\n - S8029630: Thread id should be displayed as a hex number in error report\n\n - S8029726: On OS X some dtrace probe names are mismatched with Solaris\n\n - S8029727: On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired.\n\n - S8029728: On OS X dtrace probes SetStaticBooleanField are not fired\n\n - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String\n\n - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits\n\n - S8041501: ImageIO reader is not capable of reading JPEGs without JFIF header\n\n - S8041900: [macosx] Java forces the use of discrete GPU\n\n - S8044363: Remove special build options for unpack200 executable\n\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy value for hotspot ARCH\n\n - S8046611: Build errors with gcc on sparc/fastdebug\n\n - S8047763: Recognize sparc64 as a sparc platform\n\n - S8048232: Fix for 8046471 breaks PPC64 build\n\n - S8052396: Catch exceptions resulting from missing font cmap\n\n - S8058563: InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries\n\n - S8061624: [TESTBUG] Some tests cannot be ran under compact profiles and therefore shall be excluded\n\n - S8062901: Iterators is spelled incorrectly in the Javadoc for Spliterator\n\n - S8064330: Remove SHA224 from the default support list if SunMSCAPI enabled\n\n - S8065579: WB method to start G1 concurrent mark cycle should be introduced\n\n - S8065986: Compiler fails to NullPointerException when calling super with Object<>()\n\n - S8066974: Compiler doesn't infer method's generic type information in lambda body\n\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear for out of range years\n\n - S8068033: JNI exception pending in jdk/src/share/bin/java.c\n\n - S8068042: Check jdk/src/share/native/sun/misc/URLClassPath.c for JNI pending\n\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false) failed: OLD and/or OBSOLETE method(s) found\n\n - S8068254: Method reference uses wrong qualifying type\n\n - S8074696: Remote debugging session hangs for several minutes when calling findBootType\n\n - S8074935: jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did\n\n - S8078423: [TESTBUG] javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on system locale\n\n - S8080492: [Parfait] Uninitialised variable in jdk/src/java/desktop/windows/native/libawt/\n\n - S8080650: Enable stubs to use frame pointers correctly\n\n - S8122944: perfdata used is seen as too high on sparc zone with jdk1.9 and causes a test failure\n\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n\n - S8129847: Compiling methods generated by Nashorn triggers high memory usage in C2\n\n - S8130506: javac AssertionError when invoking MethodHandle.invoke with lambda parameter\n\n - S8130910: hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions\n\n - S8131129: Attempt to define a duplicate BMH$Species class\n\n - S8131665: Bad exception message in HandshakeHash.getFinishedHash\n\n - S8131782: C1 Class.cast optimization breaks when Class is loaded from static final\n\n - S8132503: [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X\n\n - S8133207: ParallelProbes.java test fails after changes for JDK-8080115\n\n - S8133924: NPE may be thrown when xsltc select a non-existing node after JDK-8062518\n\n - S8134007: Improve string folding\n\n - S8134759: jdb: Incorrect stepping inside finally block\n\n - S8134963: [Newtest] New stress test for changing the coarseness level of G1 remembered set\n\n - S8136442: Don't tie Certificate signature algorithms to ciphersuites\n\n - S8137106: EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+\n\n - S8138745: Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot\n\n - S8138764: In some cases the usage of TreeLock can be replaced by other synchronization\n\n - S8139373: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout\n\n - S8139424: SIGSEGV, Problematic frame: # V [libjvm.so+0xd0c0cc] void InstanceKlass::oop_oop_iterate_oop_maps_specialized<true ,oopDesc*,MarkAndPushClosure>\n\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n\n - S8139751: Javac crash with -XDallowStringFolding=false\n\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903 to 8u-dev\n\n - S8139985: JNI exception pending in jdk/src/jdk/hprof/agent/share/native/libhprof\n\n - S8140031: SA: Searching for a value in Threads does not work\n\n - S8140249: JVM Crashing During startUp If Flight Recording is enabled\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check\n\n - S8141260: isReachable crash in windows xp\n\n - S8143297: Nashorn compilation time reported in nanoseconds\n\n - S8143397: It looks like InetAddress.isReachable(timeout) works incorrectly\n\n - S8143855: Bad printf formatting in frame_zero.cpp\n\n - S8143896: java.lang.Long is implicitly converted to double\n\n - S8143963: improve ClassLoader::trace_class_path to accept an additional outputStream* arg\n\n - S8144020: Remove long as an internal numeric type\n\n - S8144131: ArrayData.getInt implementations do not convert to int32\n\n - S8144483: One long Safepoint pause directly after each GC log rotation\n\n - S8144487: PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true\n\n - S8144885: agent/src/os/linux/libproc.h needs to support Linux/SPARC builds\n\n - S8144935: C2: safepoint is pruned from a non-counted loop\n\n - S8144937: [TEST_BUG] testlibrary_tests should be excluded for compact1 and compact2 execution\n\n - S8145017: Add support for 3 digit hotspot minor version numbers\n\n - S8145099: Better error message when SA can't attach to a process\n\n - S8145442: Add the facility to verify remembered sets for G1\n\n - S8145466: javac: No line numbers in compilation error\n\n - S8145539: (coll) AbstractMap.keySet and .values should not be volatile\n\n - S8145550: Megamorphic invoke should use CompiledFunction variants without any LinkLogic\n\n - S8145669: apply2call optimized callsite fails after becoming megamorphic\n\n - S8145722: NullPointerException in javadoc\n\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI\n\n - S8146147: Java linker indexed property getter does not work for computed nashorn string\n\n - S8146566: OpenJDK build can't handle commas in LDFLAGS\n\n - S8146725: Issues with SignatureAndHashAlgorithm.getSupportedAlgorithms\n\n - S8146979: Backport of 8046471 breaks ppc64 build in jdk8u because 8072383 was badly backported before\n\n - S8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries\n\n - S8147630: Wrong test result pushed to 8u-dev\n\n - S8147845: Varargs Array functions still leaking longs\n\n - S8147857: RMIConnector logs attribute names incorrectly\n\n - S8148353: [linux-sparc] Crash in libawt.so on Linux SPARC\n\n - S8150791: 8u76 L10n resource file translation update\n\n - Import of OpenJDK 8 u101 build 13\n\n - S6483657: MSCAPI provider does not create unique alias names\n\n - S6675699: need comprehensive fix for unconstrained ConvI2L with narrowed type\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying timestamp hash algorithm\n\n - S8081778: Use Intel x64 CPU instructions for RSA acceleration\n\n - S8130150: Implement BigInteger.montgomeryMultiply intrinsic\n\n - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts\n\n - S8143913: MSCAPI keystore should accept Certificate[] in setEntry()\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146240: Three nashorn files contain 'GNU General Public License' header\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811\n\n - S8147994: [macosx] JScrollPane jitters up/down during trackpad scrolling on MacOS/Aqua\n\n - S8151522: Disable 8130150 and 8081778 intrinsics by default\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8152098: Fix 8151522 caused test compiler/intrinsics/squaretolen/TestSquareToLen.java to fail\n\n - S8157077: 8u101 L10n resource file updates\n\n - Backports\n\n - S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate\n\n - S6778087, PR1061: getLocationOnScreen() always returns (0, 0) for mouse wheel events\n\n - S6961123, PR2972: setWMClass fails to null-terminate WM_CLASS string\n\n - S8008657, PR3077: JSpinner setComponentOrientation doesn't affect on text orientation\n\n - S8014212, PR2866: Robot captures black screen\n\n - S8029339, PR1061: Custom MultiResolution image support on HiDPI displays\n\n - S8031145, PR3077: Re-examine closed i18n tests to see it they can be moved to the jdk repository.\n\n - S8034856, PR3095: gcc warnings compiling src/solaris/native/sun/security/pkcs11\n\n - S8034857, PR3095: gcc warnings compiling src/solaris/native/sun/management\n\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n\n - S8035287, PR3095: gcc warnings compiling various libraries files\n\n - S8038631, PR3077: Create wrapper for awt.Robot with additional functionality\n\n - S8039279, PR3077: Move awt tests to openjdk repository\n\n - S8041561, PR3077: Inconsistent opacity behaviour between JCheckBox and JRadioButton\n\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk\n\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression tests tree\n\n - S8043126, PR3077: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository\n\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree\n\n - S8044157, PR3077: [TEST_BUG] Improve recently submitted AWT_Mixing tests\n\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk\n\n - S8044429, PR3077: move awt automated tests for AWT_Modality to OpenJDK repository\n\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time out\n\n - S8044765, PR3077: Move functional tests AWT_SystemTray/Automated to openjdk repository\n\n - S8047180, PR3077: Move functional tests AWT_Headless/Automated to OpenJDK repository\n\n - S8047367, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 2\n\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK\n\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times out again\n\n - S8049617, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 3\n\n - S8049694, PR3077: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK\n\n - S8050885, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 4\n\n - S8051440, PR3077: move tests about maximizing undecorated to OpenJDK\n\n - S8052012, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 5\n\n - S8052408, PR3077: Move AWT_BAT functional tests to OpenJDK (3 of 3)\n\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK\n\n - S8054143, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 6\n\n - S8054358, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 7\n\n - S8054359, PR3077: move awt automated tests from AWT_Modality to OpenJDK repository - part 8\n\n - S8055360, PR3077: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK\n\n - S8055664, PR3077: move 14 tests about setLocationRelativeTo to jdk\n\n - S8055836, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 9\n\n - S8056911, PR3077: Remove internal API usage from ExtendedRobot class\n\n - S8057694, PR3077: move awt tests from AWT_Modality to OpenJDK repository - part 10\n\n - S8058959, PR1061:\n closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe st/MovedResizedTwiceTest.java failed automatically\n\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n\n - S8063102, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063104, PR3077: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8063106, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063107, PR3077: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8064573, PR3077: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.ja va is asocial pressing VK_LEFT and not releasing\n\n - S8064575, PR3077: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases\n\n - S8064809, PR3077: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease\n\n - S8067441, PR3077: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()\n\n - S8068228, PR3077: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT est fails with GTKLookAndFeel\n\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform() does not include scale factor\n\n - S8073320, PR1061: Windows HiDPI Graphics support\n\n - S8074807, PR3077: Fix some tests unnecessary using internal API\n\n - S8076315, PR3077: move 4 manual functional swing tests to regression suite\n\n - S8078504, PR3094: Zero lacks declaration of VM_Version::initialize()\n\n - S8129822, PR3077: Define 'headful' jtreg keyword\n\n - S8132123, PR1061: MultiResolutionCachedImage unnecessarily creates base image to get its size\n\n - S8133539, PR1061: [TEST_BUG] Split java/awt/image/MultiResolutionImageTest.java in two to allow restricted access\n\n - S8137571, PR1061: Linux HiDPI Graphics support\n\n - S8142406, PR1061: [TEST] MultiResolution image: need test to cover the case when @2x image is corrupted\n\n - S8145188, PR2945: No LocalVariableTable generated for the entire JDK\n\n - S8150258, PR1061: [TEST] HiDPI: create a test for multiresolution menu items icons\n\n - S8150724, PR1061: [TEST] HiDPI: create a test for multiresolution icons\n\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale should be taken into account for OS X\n\n - S8151841, PR2882: Build needs additional flags to compile with GCC 6 [plus parts of 8149647 & 8032045]\n\n - S8155613, PR1061: [PIT] crash in AWT_Desktop/Automated/Exceptions/BasicTest\n\n - S8156020, PR1061: 8145547 breaks AIX and and uses RTLD_NOLOAD incorrectly\n\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional support for GTK 3 on Linux\n\n - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions\n\n - S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape\n\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key headful.\n\n - S8160294, PR2882, PR3095: Some client libraries cannot be built with GCC 6\n\n - Bug fixes\n\n - PR1958: GTKLookAndFeel does not honor gtk-alternative-button-order\n\n - PR2822: Feed LIBS & CFLAGS into configure rather than make to avoid re-discovery by OpenJDK configure\n\n - PR2932: Support ccache in a non-automagic manner\n\n - PR2933: Support ccache 3.2 and later\n\n - PR2964: Set system defaults based on OS\n\n - PR2974, RH1337583: PKCS#10 certificate requests now use CRLF line endings rather than system line endings\n\n - PR3078: Remove duplicated line dating back to 6788347 and 6894807\n\n - PR3083, RH1346460: Regression in SSL debug output without an ECC provider\n\n - PR3089: Remove old memory limits patch\n\n - PR3090, RH1204159: SystemTap is heavily confused by multiple JDKs\n\n - PR3095: Fix warnings in URLClassPath.c\n\n - PR3096: Remove dead --disable-optimizations option\n\n - PR3105: Use version from hotspot.map to create tarball filename\n\n - PR3106: Handle both correctly-spelt property 'enableCustomValueHandler' introduced by S8079718 and typo version\n\n - PR3108: Shenandoah patches not included in release tarball\n\n - PR3110: Update hotspot.map documentation in INSTALL\n\n - Fix script linking /usr/share/javazi/tzdb.dat for platform where it applies (boo#987895)\n\n - Fix aarch64 running with 48 bits va space (boo#984684)", "cvss3": {}, "published": "2016-08-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-944.NASL", "href": "https://www.tenable.com/plugins/nessus/92774", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-944.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92774);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3552\", \"CVE-2016-3587\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-944)\");\n script_summary(english:\"Check for the openSUSE-2016-944 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-openjdk fixes the following issues :\n\n - Upgrade to version jdk8u101 (icedtea 3.1.0)\n\n - New in release 3.1.0 (2016-07-25) :\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (boo#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (boo#989734)\n\n - S8146514: Enforce GCM limits\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (boo#989730)\n\n - S8149070: Enforce update ordering\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (boo#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (boo#989733)\n\n - S8153312: Constrain AppCDS behavior\n\n - S8154475, CVE-2016-3587: Clean up lookup visibility\n (boo#989721)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (boo#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (boo#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (boo#989725)\n\n - CVE-2016-3552 (boo#989726)\n\n - CVE-2016-3511 (boo#989727)\n\n - CVE-2016-3503 (boo#989728)\n\n - CVE-2016-3498 (boo#989729)\n\n - New features\n\n - S8145547, PR1061: [AWT/Swing] Conditional support for\n GTK 3 on Linux\n\n - PR2821: Support building OpenJDK with --disable-headful\n\n - PR2931, G478960: Provide Infinality Support via\n fontconfig\n\n - PR3079: Provide option to build Shenandoah on x86_64\n\n - Import of OpenJDK 8 u92 build 14\n\n - S6869327: Add new C2 flag to keep safepoints in counted\n loops.\n\n - S8022865: [TESTBUG] Compressed Oops testing needs to be\n revised\n\n - S8029630: Thread id should be displayed as a hex number\n in error report\n\n - S8029726: On OS X some dtrace probe names are mismatched\n with Solaris\n\n - S8029727: On OS X dtrace probes\n Call<type>MethodA/Call<type>MethodV are not fired.\n\n - S8029728: On OS X dtrace probes SetStaticBooleanField\n are not fired\n\n - S8038184: XMLSignature throws\n StringIndexOutOfBoundsException if ID attribute value is\n empty String\n\n - S8038349: Signing XML with DSA throws Exception when key\n is larger than 1024 bits\n\n - S8041501: ImageIO reader is not capable of reading JPEGs\n without JFIF header\n\n - S8041900: [macosx] Java forces the use of discrete GPU\n\n - S8044363: Remove special build options for unpack200\n executable\n\n - S8046471: Use OPENJDK_TARGET_CPU_ARCH instead of legacy\n value for hotspot ARCH\n\n - S8046611: Build errors with gcc on sparc/fastdebug\n\n - S8047763: Recognize sparc64 as a sparc platform\n\n - S8048232: Fix for 8046471 breaks PPC64 build\n\n - S8052396: Catch exceptions resulting from missing font\n cmap\n\n - S8058563: InstanceKlass::_dependencies list isn't\n cleared from empty nmethodBucket entries\n\n - S8061624: [TESTBUG] Some tests cannot be ran under\n compact profiles and therefore shall be excluded\n\n - S8062901: Iterators is spelled incorrectly in the\n Javadoc for Spliterator\n\n - S8064330: Remove SHA224 from the default support list if\n SunMSCAPI enabled\n\n - S8065579: WB method to start G1 concurrent mark cycle\n should be introduced\n\n - S8065986: Compiler fails to NullPointerException when\n calling super with Object<>()\n\n - S8066974: Compiler doesn't infer method's generic type\n information in lambda body\n\n - S8067800: Clarify java.time.chrono.Chronology.isLeapYear\n for out of range years\n\n - S8068033: JNI exception pending in\n jdk/src/share/bin/java.c\n\n - S8068042: Check\n jdk/src/share/native/sun/misc/URLClassPath.c for JNI\n pending\n\n - S8068162: jvmtiRedefineClasses.cpp: guarantee(false)\n failed: OLD and/or OBSOLETE method(s) found\n\n - S8068254: Method reference uses wrong qualifying type\n\n - S8074696: Remote debugging session hangs for several\n minutes when calling findBootType\n\n - S8074935: jdk8 keytool doesn't validate pem files for\n RFC 1421 correctness, as jdk7 did\n\n - S8078423: [TESTBUG]\n javax/print/PrintSEUmlauts/PrintSEUmlauts.java relies on\n system locale\n\n - S8080492: [Parfait] Uninitialised variable in\n jdk/src/java/desktop/windows/native/libawt/\n\n - S8080650: Enable stubs to use frame pointers correctly\n\n - S8122944: perfdata used is seen as too high on sparc\n zone with jdk1.9 and causes a test failure\n\n - S8129348: Debugger hangs in trace mode with TRACE_SENDS\n\n - S8129847: Compiling methods generated by Nashorn\n triggers high memory usage in C2\n\n - S8130506: javac AssertionError when invoking\n MethodHandle.invoke with lambda parameter\n\n - S8130910: hsperfdata file is created in wrong directory\n and not cleaned up if /tmp/hsperfdata_<username> has\n wrong permissions\n\n - S8131129: Attempt to define a duplicate BMH$Species\n class\n\n - S8131665: Bad exception message in\n HandshakeHash.getFinishedHash\n\n - S8131782: C1 Class.cast optimization breaks when Class\n is loaded from static final\n\n - S8132503: [macosx] Chinese full stop symbol cannot be\n entered with Pinyin IM on OS X\n\n - S8133207: ParallelProbes.java test fails after changes\n for JDK-8080115\n\n - S8133924: NPE may be thrown when xsltc select a\n non-existing node after JDK-8062518\n\n - S8134007: Improve string folding\n\n - S8134759: jdb: Incorrect stepping inside finally block\n\n - S8134963: [Newtest] New stress test for changing the\n coarseness level of G1 remembered set\n\n - S8136442: Don't tie Certificate signature algorithms to\n ciphersuites\n\n - S8137106: EUDC (End User Defined Characters) are not\n displayed on Windows with Java 8u60+\n\n - S8138745: Implement ExitOnOutOfMemory and\n CrashOnOutOfMemory in HotSpot\n\n - S8138764: In some cases the usage of TreeLock can be\n replaced by other synchronization\n\n - S8139373: [TEST_BUG]\n java/net/MulticastSocket/MultiDead.java failed with\n timeout\n\n - S8139424: SIGSEGV, Problematic frame: # V\n [libjvm.so+0xd0c0cc] void\n InstanceKlass::oop_oop_iterate_oop_maps_specialized<true\n ,oopDesc*,MarkAndPushClosure>\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8139751: Javac crash with -XDallowStringFolding=false\n\n - S8139863: [TESTBUG] Need to port tests for JDK-8134903\n to 8u-dev\n\n - S8139985: JNI exception pending in\n jdk/src/jdk/hprof/agent/share/native/libhprof\n\n - S8140031: SA: Searching for a value in Threads does not\n work\n\n - S8140249: JVM Crashing During startUp If Flight\n Recording is enabled\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8140587: Atomic*FieldUpdaters should use\n Class.isInstance instead of direct class check\n\n - S8141260: isReachable crash in windows xp\n\n - S8143297: Nashorn compilation time reported in\n nanoseconds\n\n - S8143397: It looks like InetAddress.isReachable(timeout)\n works incorrectly\n\n - S8143855: Bad printf formatting in frame_zero.cpp\n\n - S8143896: java.lang.Long is implicitly converted to\n double\n\n - S8143963: improve ClassLoader::trace_class_path to\n accept an additional outputStream* arg\n\n - S8144020: Remove long as an internal numeric type\n\n - S8144131: ArrayData.getInt implementations do not\n convert to int32\n\n - S8144483: One long Safepoint pause directly after each\n GC log rotation\n\n - S8144487: PhaseIdealLoop::build_and_optimize() must\n restore major_progress flag if skip_loop_opts is true\n\n - S8144885: agent/src/os/linux/libproc.h needs to support\n Linux/SPARC builds\n\n - S8144935: C2: safepoint is pruned from a non-counted\n loop\n\n - S8144937: [TEST_BUG] testlibrary_tests should be\n excluded for compact1 and compact2 execution\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8145099: Better error message when SA can't attach to a\n process\n\n - S8145442: Add the facility to verify remembered sets for\n G1\n\n - S8145466: javac: No line numbers in compilation error\n\n - S8145539: (coll) AbstractMap.keySet and .values should\n not be volatile\n\n - S8145550: Megamorphic invoke should use CompiledFunction\n variants without any LinkLogic\n\n - S8145669: apply2call optimized callsite fails after\n becoming megamorphic\n\n - S8145722: NullPointerException in javadoc\n\n - S8145754: PhaseIdealLoop::is_scaled_iv_plus_offset()\n does not match AddI\n\n - S8146147: Java linker indexed property getter does not\n work for computed nashorn string\n\n - S8146566: OpenJDK build can't handle commas in LDFLAGS\n\n - S8146725: Issues with\n SignatureAndHashAlgorithm.getSupportedAlgorithms\n\n - S8146979: Backport of 8046471 breaks ppc64 build in\n jdk8u because 8072383 was badly backported before\n\n - S8147087: Race when reusing PerRegionTable bitmaps may\n result in dropped remembered set entries\n\n - S8147630: Wrong test result pushed to 8u-dev\n\n - S8147845: Varargs Array functions still leaking longs\n\n - S8147857: RMIConnector logs attribute names incorrectly\n\n - S8148353: [linux-sparc] Crash in libawt.so on Linux\n SPARC\n\n - S8150791: 8u76 L10n resource file translation update\n\n - Import of OpenJDK 8 u101 build 13\n\n - S6483657: MSCAPI provider does not create unique alias\n names\n\n - S6675699: need comprehensive fix for unconstrained\n ConvI2L with narrowed type\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8081778: Use Intel x64 CPU instructions for RSA\n acceleration\n\n - S8130150: Implement BigInteger.montgomeryMultiply\n intrinsic\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8143913: MSCAPI keystore should accept Certificate[] in\n setEntry()\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146240: Three nashorn files contain 'GNU General\n Public License' header\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147994: [macosx] JScrollPane jitters up/down during\n trackpad scrolling on MacOS/Aqua\n\n - S8151522: Disable 8130150 and 8081778 intrinsics by\n default\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8152098: Fix 8151522 caused test\n compiler/intrinsics/squaretolen/TestSquareToLen.java to\n fail\n\n - S8157077: 8u101 L10n resource file updates\n\n - Backports\n\n - S6260348, PR3066: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6778087, PR1061: getLocationOnScreen() always returns\n (0, 0) for mouse wheel events\n\n - S6961123, PR2972: setWMClass fails to null-terminate\n WM_CLASS string\n\n - S8008657, PR3077: JSpinner setComponentOrientation\n doesn't affect on text orientation\n\n - S8014212, PR2866: Robot captures black screen\n\n - S8029339, PR1061: Custom MultiResolution image support\n on HiDPI displays\n\n - S8031145, PR3077: Re-examine closed i18n tests to see it\n they can be moved to the jdk repository.\n\n - S8034856, PR3095: gcc warnings compiling\n src/solaris/native/sun/security/pkcs11\n\n - S8034857, PR3095: gcc warnings compiling\n src/solaris/native/sun/management\n\n - S8035054, PR3095: JarFacade.c should not include ctype.h\n\n - S8035287, PR3095: gcc warnings compiling various\n libraries files\n\n - S8038631, PR3077: Create wrapper for awt.Robot with\n additional functionality\n\n - S8039279, PR3077: Move awt tests to openjdk repository\n\n - S8041561, PR3077: Inconsistent opacity behaviour between\n JCheckBox and JRadioButton\n\n - S8041592, PR3077: [TEST_BUG] Move 42 AWT hw/lw mixing\n tests to jdk\n\n - S8041915, PR3077: Move 8 awt tests to OpenJDK regression\n tests tree\n\n - S8043126, PR3077: move awt automated functional tests\n from AWT_Events/Lw and AWT_Events/AWT to OpenJDK\n repository\n\n - S8043131, PR3077: Move ShapedAndTranslucentWindows and\n GC functional AWT tests to regression tree\n\n - S8044157, PR3077: [TEST_BUG] Improve recently submitted\n AWT_Mixing tests\n\n - S8044172, PR3077: [TEST_BUG] Move regtests for 4523758\n and AltPlusNumberKeyCombinationsTest to jdk\n\n - S8044429, PR3077: move awt automated tests for\n AWT_Modality to OpenJDK repository\n\n - S8044762, PR2960: com/sun/jdi/OptionTest.java test time\n out\n\n - S8044765, PR3077: Move functional tests\n AWT_SystemTray/Automated to openjdk repository\n\n - S8047180, PR3077: Move functional tests\n AWT_Headless/Automated to OpenJDK repository\n\n - S8047367, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 2\n\n - S8048246, PR3077: Move AWT_DnD/Clipboard/Automated\n functional tests to OpenJDK\n\n - S8049226, PR2960: com/sun/jdi/OptionTest.java test times\n out again\n\n - S8049617, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 3\n\n - S8049694, PR3077: Migrate functional\n AWT_DesktopProperties/Automated tests to OpenJDK\n\n - S8050885, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 4\n\n - S8051440, PR3077: move tests about maximizing\n undecorated to OpenJDK\n\n - S8052012, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 5\n\n - S8052408, PR3077: Move AWT_BAT functional tests to\n OpenJDK (3 of 3)\n\n - S8053657, PR3077: [TEST_BUG] move some 5 tests related\n to undecorated Frame/JFrame to JDK\n\n - S8054143, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 6\n\n - S8054358, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 7\n\n - S8054359, PR3077: move awt automated tests from\n AWT_Modality to OpenJDK repository - part 8\n\n - S8055360, PR3077: Move the rest part of AWT\n ShapedAndTranslucent tests to OpenJDK\n\n - S8055664, PR3077: move 14 tests about\n setLocationRelativeTo to jdk\n\n - S8055836, PR3077: move awt tests from AWT_Modality to\n OpenJDK repository - part 9\n\n - S8056911, PR3077: Remove internal API usage from\n ExtendedRobot class\n\n - S8057694, PR3077: move awt tests from AWT_Modality to\n OpenJDK repository - part 10\n\n - S8058959, PR1061:\n closed/java/awt/event/ComponentEvent/MovedResizedTwiceTe\n st/MovedResizedTwiceTest.java failed automatically\n\n - S8062606, PR3077: Fix a typo in java.awt.Robot class\n\n - S8063102, PR3077: Change open awt regression tests to\n avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063104, PR3077: Change open awt regression tests to\n avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8063106, PR3077: Change open swing regression tests to\n avoid sun.awt.SunToolkit.realSync, part 1\n\n - S8063107, PR3077: Change open swing regression tests to\n avoid sun.awt.SunToolkit.realSync, part 2\n\n - S8064573, PR3077: [TEST_BUG]\n javax/swing/text/AbstractDocument/6968363/Test6968363.ja\n va is asocial pressing VK_LEFT and not releasing\n\n - S8064575, PR3077: [TEST_BUG]\n javax/swing/JEditorPane/6917744/bug6917744.java 100\n times press keys and never releases\n\n - S8064809, PR3077: [TEST_BUG]\n javax/swing/JComboBox/4199622/bug4199622.java contains a\n lot of keyPress and not a single keyRelease\n\n - S8067441, PR3077: Some tests fails with error: cannot\n find symbol getSystemMnemonicKeyCodes()\n\n - S8068228, PR3077: Test\n closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameT\n est fails with GTKLookAndFeel\n\n - S8069361, PR1061: SunGraphics2D.getDefaultTransform()\n does not include scale factor\n\n - S8073320, PR1061: Windows HiDPI Graphics support\n\n - S8074807, PR3077: Fix some tests unnecessary using\n internal API\n\n - S8076315, PR3077: move 4 manual functional swing tests\n to regression suite\n\n - S8078504, PR3094: Zero lacks declaration of\n VM_Version::initialize()\n\n - S8129822, PR3077: Define 'headful' jtreg keyword\n\n - S8132123, PR1061: MultiResolutionCachedImage\n unnecessarily creates base image to get its size\n\n - S8133539, PR1061: [TEST_BUG] Split\n java/awt/image/MultiResolutionImageTest.java in two to\n allow restricted access\n\n - S8137571, PR1061: Linux HiDPI Graphics support\n\n - S8142406, PR1061: [TEST] MultiResolution image: need\n test to cover the case when @2x image is corrupted\n\n - S8145188, PR2945: No LocalVariableTable generated for\n the entire JDK\n\n - S8150258, PR1061: [TEST] HiDPI: create a test for\n multiresolution menu items icons\n\n - S8150724, PR1061: [TEST] HiDPI: create a test for\n multiresolution icons\n\n - S8150844, PR1061: [hidpi] [macosx] -Dsun.java2d.uiScale\n should be taken into account for OS X\n\n - S8151841, PR2882: Build needs additional flags to\n compile with GCC 6 [plus parts of 8149647 & 8032045]\n\n - S8155613, PR1061: [PIT] crash in\n AWT_Desktop/Automated/Exceptions/BasicTest\n\n - S8156020, PR1061: 8145547 breaks AIX and and uses\n RTLD_NOLOAD incorrectly\n\n - S8156128, PR1061: Tests for [AWT/Swing] Conditional\n support for GTK 3 on Linux\n\n - S8158260, PR2991, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions\n\n - S8159244, PR3074: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - S8159690, PR3077: [TESTBUG] Mark headful tests with @key\n headful.\n\n - S8160294, PR2882, PR3095: Some client libraries cannot\n be built with GCC 6\n\n - Bug fixes\n\n - PR1958: GTKLookAndFeel does not honor\n gtk-alternative-button-order\n\n - PR2822: Feed LIBS & CFLAGS into configure rather than\n make to avoid re-discovery by OpenJDK configure\n\n - PR2932: Support ccache in a non-automagic manner\n\n - PR2933: Support ccache 3.2 and later\n\n - PR2964: Set system defaults based on OS\n\n - PR2974, RH1337583: PKCS#10 certificate requests now use\n CRLF line endings rather than system line endings\n\n - PR3078: Remove duplicated line dating back to 6788347\n and 6894807\n\n - PR3083, RH1346460: Regression in SSL debug output\n without an ECC provider\n\n - PR3089: Remove old memory limits patch\n\n - PR3090, RH1204159: SystemTap is heavily confused by\n multiple JDKs\n\n - PR3095: Fix warnings in URLClassPath.c\n\n - PR3096: Remove dead --disable-optimizations option\n\n - PR3105: Use version from hotspot.map to create tarball\n filename\n\n - PR3106: Handle both correctly-spelt property\n 'enableCustomValueHandler' introduced by S8079718 and\n typo version\n\n - PR3108: Shenandoah patches not included in release\n tarball\n\n - PR3110: Update hotspot.map documentation in INSTALL\n\n - Fix script linking /usr/share/javazi/tzdb.dat for\n platform where it applies (boo#987895)\n\n - Fix aarch64 running with 48 bits va space (boo#984684)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.101-30.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_8_0-openjdk-src-1.8.0.101-30.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:15", "description": "The version of Oracle Java SE installed on the remote host is prior to 6 Update 121, 7 Update 111, or 8 Update 102 and is affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the 'CORBA' subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3458)\n - An unspecified flaw exists in the 'Networking' subcomponent that allows a local attacker to impact integrity. (CVE-2016-3485)\n - An unspecified flaw exists in the 'JavaFX' subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3498)\n - An unspecified flaw exists in the 'JAXP' subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3500, CVE-2016-3508)\n - An unspecified flaw exists in the 'Install' subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3503, CVE-2016-3552)\n - An unspecified flaw exists in the 'Deployment' subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3511)\n - An unspecified flaw exists in the 'Hotspot' subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3550)\n - A flaw exists in the 'Hotspot' subcomponent due to improper access to the 'MethodHandle::invokeBasic()' function. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3587)\n - A flaw exists in the 'Libraries' subcomponent within the 'MethodHandles::dropArguments()' function that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3598)\n - A flaw exists in the 'Hotspot' subcomponent within the 'ClassVerifier::ends_in_athrow()' function when handling bytecode verification. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2016-3606)\n - An unspecified flaw exists in the 'Libraries' subcomponent that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3610)", "cvss3": {}, "published": "2016-08-09T00:00:00", "type": "nessus", "title": "Oracle Java SE 6 < Update 121 / 7 < Update 111 / 8 < Update 102 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:oracle:java_se"], "id": "9449.PRM", "href": "https://www.tenable.com/plugins/nnm/9449", "sourceData": "Binary data 9449.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-25T15:03:34", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)\n\n - S8147771: Construction of static protection domains under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.{util, x509, pkcs} classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries available in the OS\n\n - S7192202: Make sure keytool prints both unknown and unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n\n - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n\n - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names incorrectly\n\n - S8151841, PR3098: Build needs additional flags to compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal Certificates.java f ailing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version numbers\n\n - S8162344: The API changes made by CR 7064075 need to be reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color management\n\n - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr ofileTest.java fail s with java.io.StreamCorruptedException: invalid type code: EE since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() (uint)MaxNodeLimit) failed: Live Node limit exceeded limit\n\n - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit\n\n - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)</clinit>\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1997-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1997-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93272);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:1997-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.{util, x509, pkcs}\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal\n Certificates.java f ailing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr\n ofileTest.java fail s with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes()\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space\n (bsc#984684)</clinit>\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3458/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3498/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3503/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3508/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3511/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3598/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3610/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161997-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2041c177\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1186=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1186=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-33.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-26T15:36:04", "description": "An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 12 September 2016] This advisory has been updated to push packages into the Oracle Java for Red Hat Enterprise Linux 6 Compute Node channels. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.\n\nOracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 8 to version 8 Update 101.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3552", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2"], "id": "REDHAT-RHSA-2016-1475.NASL", "href": "https://www.tenable.com/plugins/nessus/92508", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1475. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92508);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3552\", \"CVE-2016-3587\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n script_xref(name:\"RHSA\", value:\"2016:1475\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 12 September 2016] This advisory has been updated to push\npackages into the Oracle Java for Red Hat Enterprise Linux 6 Compute\nNode channels. The packages included in this revised update have not\nbeen changed in any way from the packages included in the original\nadvisory.\n\nOracle Java SE version 8 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 8 to version 8 Update 101.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page, listed in the References\nsection. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503,\nCVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552,\nCVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?453b5f8c\"\n );\n # http://www.oracle.com/technetwork/java/javase/8u101-relnotes-3021761.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92867054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3610\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1475\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el6_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.101-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.101-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.101-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.101-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.101-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.101-1jpp.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-oracle / java-1.8.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-25T15:02:15", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)\n\n - S8147771: Construction of static protection domains under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs) classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries available in the OS\n\n - S7192202: Make sure keytool prints both unknown and unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n\n - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n\n - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names incorrectly\n\n - S8151841, PR3098: Build needs additional flags to compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal Certificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version numbers\n\n - S8162344: The API changes made by CR 7064075 need to be reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color management\n\n - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr ofileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit\n\n - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit\n\n - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2016-08-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-977.NASL", "href": "https://www.tenable.com/plugins/nessus/92978", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-977.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92978);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)\");\n script_summary(english:\"Check for the openSUSE-2016-977 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs)\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal\n Certificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr\n ofileTest.java fails with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\n\n - Enable SunEC for SLE12 and Leap (bsc#982366)\n\n - Fix aarch64 running with 48 bits va space (bsc#984684)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.111-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"java-1_7_0-openjdk-src-1.7.0.111-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk-bootstrap / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:21", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459)\n\n - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471)\n\n - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3614)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-11T00:00:00", "type": "nessus", "title": "Oracle MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-3452", "CVE-2016-3459", "CVE-2016-3471", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3521", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5444", "CVE-2016-8288"], "modified": "2020-06-03T00:00:00", "cpe": ["cpe:/a:oracle:mysql", "p-cpe:/a:amazon:linux:mysql", "p-cpe:/a:centos:centos:mysql", "p-cpe:/a:fedoraproject:fedora:mysql", "p-cpe:/a:fermilab:scientific_linux:mysql", "p-cpe:/a:novell:opensuse:mysql", "p-cpe:/a:novell:suse_linux:mysql", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql"], "id": "MYSQL_5_6_31_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/91996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91996);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/03\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-3452\",\n \"CVE-2016-3459\",\n \"CVE-2016-3471\",\n \"CVE-2016-3477\",\n \"CVE-2016-3486\",\n \"CVE-2016-3501\",\n \"CVE-2016-3521\",\n \"CVE-2016-3614\",\n \"CVE-2016-3615\",\n \"CVE-2016-5439\",\n \"CVE-2016-5440\",\n \"CVE-2016-5444\",\n \"CVE-2016-8288\"\n );\n script_bugtraq_id(\n 89757,\n 91902,\n 91913,\n 91932,\n 91943,\n 91949,\n 91953,\n 91960,\n 91969,\n 91980,\n 91987,\n 91992,\n 91999,\n 93740\n );\n\n script_name(english:\"Oracle MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.31. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3459)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3471)\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3501)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3614)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Privileges\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin\n subcomponent that allows an authenticated, remote\n attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB\n memcached plugin due to improper validation of\n user-supplied input. An authenticated, remote attacker\n can exploit these issues to cause a denial of service\n condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when\n invoking Enterprise Encryption functions in multiple\n threads simultaneously or after creating and dropping\n them. An authenticated, remote attacker can exploit this\n to crash the database, resulting in a denial of service\n condition.\n\n - An unspecified flaw exists that is triggered when\n handling a 'SELECT ... GROUP BY ... FOR UPDATE' query\n executed with a loose index scan. An authenticated,\n remote attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html\");\n # http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3089849.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42cde00c\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3235388.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453a538d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.oracle.com/rs?type=doc&id=2157431.1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3471\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/11\");\n\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n script_require_ports(\"Host/RedHat/release\", \"Host/AmazonLinux/release\", \"Host/SuSE/release\", \"Host/CentOS/release\");\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nfix_version = \"5.6.31\";\nexists_version = \"5.6\";\n\nmysql_check_rpms(mysql_packages:default_mysql_rpm_list_server_only, fix_ver:fix_version, exists_ver:exists_version, rhel_os_list:default_mysql_rhel_os_list, centos_os_list:default_mysql_centos_os_list, suse_os_list:default_mysql_suse_os_list, ala_os_list:default_mysql_ala_os_list, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:41", "description": "The version of MySQL running on the remote host is 5.6.x prior to 5.6.31. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - An unspecified flaw exists in the InnoDB subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3459)\n\n - An unspecified flaw exists in the Options subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3471)\n\n - An unspecified flaw exists in the Parser subcomponent that allows a local attacker to gain elevated privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Optimizer subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3501)\n\n - An unspecified flaw exists in the Types subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the Security: Encryption subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3614)\n\n - An unspecified flaw exists in the DML subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Privileges subcomponent that allows an authenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Connection subcomponent that allows an unauthenticated, remote attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin subcomponent that allows an authenticated, remote attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple overflow conditions exist due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser structure that is triggered during the validation of stored procedure names. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB memcached plugin due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when invoking Enterprise Encryption functions in multiple threads simultaneously or after creating and dropping them. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\n - An unspecified flaw exists that is triggered when handling a 'SELECT ... GROUP BY ... FOR UPDATE' query executed with a loose index scan. An authenticated, remote attacker can exploit this to crash the database, resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-20T00:00:00", "type": "nessus", "title": "MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2105", "CVE-2016-3452", "CVE-2016-3459", "CVE-2016-3471", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3521", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5439", "CVE-2016-5440", "CVE-2016-5444", "CVE-2016-8288"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_6_31.NASL", "href": "https://www.tenable.com/plugins/nessus/91995", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91995);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-2105\",\n \"CVE-2016-3452\",\n \"CVE-2016-3459\",\n \"CVE-2016-3471\",\n \"CVE-2016-3477\",\n \"CVE-2016-3486\",\n \"CVE-2016-3501\",\n \"CVE-2016-3521\",\n \"CVE-2016-3614\",\n \"CVE-2016-3615\",\n \"CVE-2016-5439\",\n \"CVE-2016-5440\",\n \"CVE-2016-5444\",\n \"CVE-2016-8288\"\n );\n script_bugtraq_id(\n 89757,\n 91902,\n 91913,\n 91932,\n 91943,\n 91949,\n 91953,\n 91960,\n 91969,\n 91980,\n 91987,\n 91992,\n 91999,\n 93740\n );\n\n script_name(english:\"MySQL 5.6.x < 5.6.31 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of MySQL server.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MySQL running on the remote host is 5.6.x prior to\n5.6.31. It is, therefore, affected by multiple vulnerabilities :\n\n - A heap buffer overflow condition exists in the\n EVP_EncodeUpdate() function within file\n crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-3452)\n\n - An unspecified flaw exists in the InnoDB subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3459)\n\n - An unspecified flaw exists in the Options subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3471)\n\n - An unspecified flaw exists in the Parser subcomponent\n that allows a local attacker to gain elevated\n privileges. (CVE-2016-3477)\n\n - An unspecified flaw exists in the FTS subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3486)\n\n - An unspecified flaw exists in the Optimizer subcomponent\n that allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3501)\n\n - An unspecified flaw exists in the Types subcomponent\n that allows an authenticated, remote attacker to cause\n a denial of service condition. (CVE-2016-3521)\n\n - An unspecified flaw exists in the Security: Encryption\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3614)\n\n - An unspecified flaw exists in the DML subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-3615)\n\n - An unspecified flaw exists in the Privileges\n subcomponent that allows an authenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-5439)\n\n - An unspecified flaw exists in the RBR subcomponent that\n allows an authenticated, remote attacker to cause a\n denial of service condition. (CVE-2016-5440)\n\n - An unspecified flaw exists in the Connection\n subcomponent that allows an unauthenticated, remote\n attacker to disclose sensitive information.\n (CVE-2016-5444)\n\n - An unspecified flaw exists in the InnoDB Plugin\n subcomponent that allows an authenticated, remote\n attacker to impact integrity. (CVE-2016-8288)\n\n - Multiple overflow conditions exist due to improper\n validation of user-supplied input. An authenticated,\n remote attacker can exploit these issues to cause a\n denial of service condition or the execution of\n arbitrary code.\n\n - A NULL pointer dereference flaw exists in a parser\n structure that is triggered during the validation of\n stored procedure names. An authenticated, remote\n attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\n - Multiple overflow conditions exist in the InnoDB\n memcached plugin due to improper validation of\n user-supplied input. An authenticated, remote attacker\n can exploit these issues to cause a denial of service\n condition or the execution of arbitrary code.\n\n - An unspecified flaw exists that is triggered when\n invoking Enterprise Encryption functions in multiple\n threads simultaneously or after creating and dropping\n them. An authenticated, remote attacker can exploit this\n to crash the database, resulting in a denial of service\n condition.\n\n - An unspecified flaw exists that is triggered when\n handling a 'SELECT ... GROUP BY ... FOR UPDATE' query\n executed with a loose index scan. An authenticated,\n remote attacker can exploit this to crash the database,\n resulting in a denial of service condition.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n # http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bac902d5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 5.6.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3471\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude(\"mysql_version.inc\");\n\nmysql_check_version(fixed:'5.6.31', min:'5.6', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-25T15:02:23", "description": "Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)\n\n - S8147771: Construction of static protection domains under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)", "cvss3": {}, "published": "2016-08-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-982.NASL", "href": "https://www.tenable.com/plugins/nessus/92992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-982.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92992);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"openSUSE Security Update : OpenJDK7 (openSUSE-2016-982)\");\n script_summary(english:\"Check for the openSUSE-2016-982 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected OpenJDK7 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-demo-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-devel-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.111-24.39.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"java-1_7_0-openjdk-src-1.7.0.111-24.39.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk / java-1_7_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-25T15:01:24", "description": "This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows only) (bsc#989734)\n\n - S8147771: Construction of static protection domains under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs) classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries available in the OS\n\n - S7192202: Make sure keytool prints both unknown and unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer framework.\n\n - S8022228: Intermittent test failures in sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails intermittently\n\n - S8036612: [parfait] JNI exception pending in jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names incorrectly\n\n - S8151841, PR3098: Build needs additional flags to compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal Certificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version numbers\n\n - S8162344: The API changes made by CR 7064075 need to be reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color management\n\n - S8005530, PR3020: [lcms] Improve performance of ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr ofileTest.java fails with java.io.StreamCorruptedException: invalid type code: EE since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() < (uint)MaxNodeLimit) failed: Live Node limit exceeded limit\n\n - S8019247, PR3075: SIGSEGV in compiled method c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for Java_awt test suit\n\n - S8047066, PR3020: Test test/sun/awt/image/bug8038000.java fails with ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where linux.fontconfig.Gentoo.properties.old has not been created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate instructions are never emitted", "cvss3": {}, "published": "2016-08-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3485", "CVE-2016-3498", "CVE-2016-3500", "CVE-2016-3503", "CVE-2016-3508", "CVE-2016-3511", "CVE-2016-3550", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-976.NASL", "href": "https://www.tenable.com/plugins/nessus/92932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-976.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92932);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-3458\", \"CVE-2016-3485\", \"CVE-2016-3498\", \"CVE-2016-3500\", \"CVE-2016-3503\", \"CVE-2016-3508\", \"CVE-2016-3511\", \"CVE-2016-3550\", \"CVE-2016-3598\", \"CVE-2016-3606\", \"CVE-2016-3610\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)\");\n script_summary(english:\"Check for the openSUSE-2016-976 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_0-openjdk fixes the following issues :\n\n - Update to 2.6.7 - OpenJDK 7u111\n\n - Security fixes\n\n - S8079718, CVE-2016-3458: IIOP Input Stream Hooking\n (bsc#989732)\n\n - S8145446, CVE-2016-3485: Perfect pipe placement (Windows\n only) (bsc#989734)\n\n - S8147771: Construction of static protection domains\n under Javax custom policy\n\n - S8148872, CVE-2016-3500: Complete name checking\n (bsc#989730)\n\n - S8149962, CVE-2016-3508: Better delineation of XML\n processing (bsc#989731)\n\n - S8150752: Share Class Data\n\n - S8151925: Font reference improvements\n\n - S8152479, CVE-2016-3550: Coded byte streams (bsc#989733)\n\n - S8155981, CVE-2016-3606: Bolster bytecode verification\n (bsc#989722)\n\n - S8155985, CVE-2016-3598: Persistent Parameter Processing\n (bsc#989723)\n\n - S8158571, CVE-2016-3610: Additional method handle\n validation (bsc#989725)\n\n - CVE-2016-3511 (bsc#989727)\n\n - CVE-2016-3503 (bsc#989728)\n\n - CVE-2016-3498 (bsc#989729)\n\n - Import of OpenJDK 7 u111 build 0\n\n - S6953295: Move few sun.security.(util, x509, pkcs)\n classes used by keytool/jarsigner to another package\n\n - S7060849: Eliminate pack200 build warnings\n\n - S7064075: Security libraries don't build with javac\n -Xlint:all,-deprecation -Werror\n\n - S7069870: Parts of the JDK erroneously rely on generic\n array initializers with diamond\n\n - S7102686: Restructure timestamp code so that jars and\n modules can more easily share the same code\n\n - S7105780: Add SSLSocket client/SSLEngine server to\n templates directory\n\n - S7142339: PKCS7.java is needlessly creating SHA1PRNG\n SecureRandom instances when timestamping is not done\n\n - S7152582: PKCS11 tests should use the NSS libraries\n available in the OS\n\n - S7192202: Make sure keytool prints both unknown and\n unparseable extensions\n\n - S7194449: String resources for Key Tool and Policy Tool\n should be in their respective packages\n\n - S7196855: autotest.sh fails on ubuntu because\n libsoftokn.so not found\n\n - S7200682: TEST_BUG: keytool/autotest.sh still has\n problems with libsoftokn.so\n\n - S8002306: (se) Selector.open fails if invoked with\n thread interrupt status set [win]\n\n - S8009636: JARSigner including TimeStamp PolicyID\n (TSAPolicyID) as defined in RFC3161\n\n - S8019341: Update CookieHttpsClientTest to use the newer\n framework.\n\n - S8022228: Intermittent test failures in\n sun/security/ssl/javax/net/ssl/NewAPIs\n\n - S8022439: Fix lint warnings in sun.security.ec\n\n - S8022594: Potential deadlock in <clinit> of\n sun.nio.ch.Util/IOUtil\n\n - S8023546: sun/security/mscapi/ShortRSAKey1024.sh fails\n intermittently\n\n - S8036612: [parfait] JNI exception pending in\n jdk/src/windows/native/sun/security/mscapi/security.cpp\n\n - S8037557: test SessionCacheSizeTests.java timeout\n\n - S8038837: Add support to jarsigner for specifying\n timestamp hash algorithm\n\n - S8079410: Hotspot version to share the same update and\n build version from JDK\n\n - S8130735: javax.swing.TimerQueue: timer fires late when\n another timer starts\n\n - S8139436: sun.security.mscapi.KeyStore might load\n incomplete data\n\n - S8144313: Test SessionTimeOutTests can be timeout\n\n - S8146387: Test SSLSession/SessionCacheSizeTests socket\n accept timed out\n\n - S8146669: Test SessionTimeOutTests fails intermittently\n\n - S8146993: Several javax/management/remote/mandatory\n regression tests fail after JDK-8138811\n\n - S8147857: [TEST] RMIConnector logs attribute names\n incorrectly\n\n - S8151841, PR3098: Build needs additional flags to\n compile with GCC 6\n\n - S8151876: (tz) Support tzdata2016d\n\n - S8157077: 8u101 L10n resource file updates\n\n - S8161262: Fix jdk build with gcc 4.1.2:\n -fno-strict-overflow not known.\n\n - Import of OpenJDK 7 u111 build 1\n\n - S7081817:\n test/sun/security/provider/certpath/X509CertPath/Illegal\n Certificates.java failing\n\n - S8140344: add support for 3 digit update release numbers\n\n - S8145017: Add support for 3 digit hotspot minor version\n numbers\n\n - S8162344: The API changes made by CR 7064075 need to be\n reverted\n\n - Backports\n\n - S2178143, PR2958: JVM crashes if the number of bound\n CPUs changed during runtime\n\n - S4900206, PR3101: Include worst-case rounding tests for\n Math library functions\n\n - S6260348, PR3067: GTK+ L&F JTextComponent not respecting\n desktop caret blink rate\n\n - S6934604, PR3075: enable parts of EliminateAutoBox by\n default\n\n - S7043064, PR3020: sun/java2d/cmm/ tests failed against\n RI b141 & b138-nightly\n\n - S7051394, PR3020: NullPointerException when running\n regression tests LoadProfileTest by using openjdk-7-b144\n\n - S7086015, PR3013: fix\n test/tools/javac/parser/netbeans/JavacParserTest.java\n\n - S7119487, PR3013: JavacParserTest.java test fails on\n Windows platforms\n\n - S7124245, PR3020: [lcms] ColorConvertOp to color space\n CS_GRAY apparently converts orange to 244,244,0\n\n - S7159445, PR3013: (javac) emits inaccurate diagnostics\n for enhanced for-loops\n\n - S7175845, PR1437, RH1207129: 'jar uf' changes file\n permissions unexpectedly\n\n - S8005402, PR3020: Need to provide benchmarks for color\n management\n\n - S8005530, PR3020: [lcms] Improve performance of\n ColorConverOp for default destinations\n\n - S8005930, PR3020: [lcms] ColorConvertOp: Alpha channel\n is not transferred from source to destination.\n\n - S8013430, PR3020: REGRESSION:\n closed/java/awt/color/ICC_Profile/LoadProfileTest/LoadPr\n ofileTest.java fails with\n java.io.StreamCorruptedException: invalid type code: EE\n since 8b87\n\n - S8014286, PR3075: failed java/lang/Math/DivModTests.java\n after 6934604 changes\n\n - S8014959, PR3075:\n assert(Compile::current()->live_nodes() <\n (uint)MaxNodeLimit) failed: Live Node limit exceeded\n limit\n\n - S8019247, PR3075: SIGSEGV in compiled method\n c8e.e.t_.getArray(Ljava/lang/Class;)[Ljava/lang/Object\n\n - S8024511, PR3020: Crash during color profile destruction\n\n - S8025429, PR3020: [parfait] warnings from b107 for\n sun.java2d.cmm: JNI exception pending\n\n - S8026702, PR3020: Fix for 8025429 breaks jdk build on\n windows\n\n - S8026780, PR3020, RH1142587: Crash on PPC and PPC v2 for\n Java_awt test suit\n\n - S8047066, PR3020: Test\n test/sun/awt/image/bug8038000.java fails with\n ClassCastException\n\n - S8069181, PR3012, RH1015612: java.lang.AssertionError\n when compiling JDK 1.4 code in JDK 8\n\n - S8158260, PR2992, RH1341258: PPC64: unaligned\n Unsafe.getInt can lead to the generation of illegal\n instructions (bsc#988651)\n\n - S8159244, PR3075: Partially initialized string object\n created by C2's string concat optimization may escape\n\n - Bug fixes\n\n - PR2799, RH1195203: Files are missing from resources.jar\n\n - PR2900: Don't use WithSeed versions of NSS functions as\n they don't fully process the seed\n\n - PR3091: SystemTap is heavily confused by multiple JDKs\n\n - PR3102: Extend 8022594 to AixPollPort\n\n - PR3103: Handle case in clean-fonts where\n linux.fontconfig.Gentoo.properties.old has not been\n created\n\n - PR3111: Provide option to disable SystemTap tests\n\n - PR3114: Don't assume system mime.types supports\n text/x-java-source\n\n - PR3115: Add check for elliptic curve cryptography\n implementation\n\n - PR3116: Add tests for Java debug info and source files\n\n - PR3118: Path to agpl-3.0.txt not updated\n\n - PR3119: Makefile handles cacerts as a symlink, but the\n configure check doesn't\n\n - AArch64 port\n\n - S8148328, PR3100: aarch64: redundant lsr instructions in\n stub code.\n\n - S8148783, PR3100: aarch64: SEGV running SpecJBB2013\n\n - S8148948, PR3100: aarch64: generate_copy_longs calls\n align() incorrectly\n\n - S8150045, PR3100: arraycopy causes segfaults in SATB\n during garbage collection\n\n - S8154537, PR3100: AArch64: some integer rotate\n instructions are never emitted\n\n - S8154739, PR3100: AArch64: TemplateTable::fast_xaccess\n loads in wrong mode\n\n - S8157906, PR3100: aarch64: some more integer rotate\n instructions are never emitted\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-bootstrap-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-accessibility-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-devel-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-headless-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-headless-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-headless-debuginfo-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.111-25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"java-1_7_0-openjdk-src-1.7.0.111-25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk-bootstrap / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:25", "description": "The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist in the Oracle Outside In libraries. An unauthenticated, remote attacker can exploit these, via a specially crafted email, to execute arbitrary code.\n (CVE-2015-6014, CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596)\n\n - An unspecified information disclosure vulnerability exists in the Oracle Outside In libraries that allows an attacker to disclose sensitive information.\n (CVE-2016-3574)\n\n - Multiple denial of service vulnerabilities exists in the Oracle Outside In libraries. (CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3590)\n\n - An information disclosure vulnerability exists due to improper parsing of certain unstructured file formats.\n An unauthenticated, remote attacker can exploit this, via a crafted email using 'send as' rights, to disclose confidential user information. (CVE-2016-0138)\n\n - An open redirect vulnerability exists due to improper handling of open redirect requests. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to redirect the user to a malicious website that spoofs a legitimate one.\n (CVE-2016-3378)\n\n - An elevation of privilege vulnerability exists due to improper handling of meeting invitation requests. An unauthenticated, remote attacker can exploit this, via a specially crafted Outlook meeting invitation request, to gain elevated privileges. (CVE-2016-3379)", "cvss3": {}, "published": "2016-09-13T00:00:00", "type": "nessus", "title": "MS16-108: Security Update for Microsoft Exchange Server (3185883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6014", "CVE-2016-0138", "CVE-2016-3378", "CVE-2016-3379", "CVE-2016-3574", "CVE-2016-3575", "CVE-2016-3576", "CVE-2016-3577", "CVE-2016-3578", "CVE-2016-3579", "CVE-2016-3580", "CVE-2016-3581", "CVE-2016-3582", "CVE-2016-3583", "CVE-2016-3590", "CVE-2016-3591", "CVE-2016-3592", "CVE-2016-3593", "CVE-2016-3594", "CVE-2016-3595", "CVE-2016-3596"], "modified": "2021-04-20T00:00:00", "cpe": ["cpe:/a:microsoft:exchange_server"], "id": "SMB_NT_MS16-108.NASL", "href": "https://www.tenable.com/plugins/nessus/93467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93467);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2015-6014\",\n \"CVE-2016-0138\",\n \"CVE-2016-3378\",\n \"CVE-2016-3379\",\n \"CVE-2016-3574\",\n \"CVE-2016-3575\",\n \"CVE-2016-3576\",\n \"CVE-2016-3577\",\n \"CVE-2016-3578\",\n \"CVE-2016-3579\",\n \"CVE-2016-3580\",\n \"CVE-2016-3581\",\n \"CVE-2016-3582\",\n \"CVE-2016-3583\",\n \"CVE-2016-3590\",\n \"CVE-2016-3591\",\n \"CVE-2016-3592\",\n \"CVE-2016-3593\",\n \"CVE-2016-3594\",\n \"CVE-2016-3595\",\n \"CVE-2016-3596\"\n );\n script_bugtraq_id(\n 81233,\n 91908,\n 91914,\n 91921,\n 91923,\n 91924,\n 91925,\n 91927,\n 91929,\n 91931,\n 91933,\n 91934,\n 91935,\n 91936,\n 91937,\n 91939,\n 91940,\n 91942,\n 92806,\n 92833,\n 92836\n );\n script_xref(name:\"MSFT\", value:\"MS16-108\");\n script_xref(name:\"MSKB\", value:\"3184711\");\n script_xref(name:\"MSKB\", value:\"3184728\");\n script_xref(name:\"MSKB\", value:\"3184736\");\n\n script_name(english:\"MS16-108: Security Update for Microsoft Exchange Server (3185883)\");\n script_summary(english:\"Checks the version of ExSetup.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Microsoft Exchange Server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Microsoft Exchange Server is missing a security update. It\nis, therefore, affected by multiple vulnerabilities :\n\n - Multiple remote code execution vulnerabilities exist in\n the Oracle Outside In libraries. An unauthenticated,\n remote attacker can exploit these, via a specially\n crafted email, to execute arbitrary code.\n (CVE-2015-6014, CVE-2016-3575, CVE-2016-3581,\n CVE-2016-3582, CVE-2016-3583, CVE-2016-3591,\n CVE-2016-3592, CVE-2016-3593, CVE-2016-3594,\n CVE-2016-3595, CVE-2016-3596)\n\n - An unspecified information disclosure vulnerability\n exists in the Oracle Outside In libraries that allows an\n attacker to disclose sensitive information.\n (CVE-2016-3574)\n\n - Multiple denial of service vulnerabilities exists in the\n Oracle Outside In libraries. (CVE-2016-3576,\n CVE-2016-3577, CVE-2016-3578, CVE-2016-3579,\n CVE-2016-3580, CVE-2016-3590)\n\n - An information disclosure vulnerability exists due to\n improper parsing of certain unstructured file formats.\n An unauthenticated, remote attacker can exploit this,\n via a crafted email using 'send as' rights, to disclose\n confidential user information. (CVE-2016-0138)\n\n - An open redirect vulnerability exists due to improper\n handling of open redirect requests. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to click a specially crafted URL, to redirect the user\n to a malicious website that spoofs a legitimate one.\n (CVE-2016-3378)\n\n - An elevation of privilege vulnerability exists due to\n improper handling of meeting invitation requests. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted Outlook meeting invitation request,\n to gain elevated privileges. (CVE-2016-3379)\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-108\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e520324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Exchange Server 2007,\n2010, 2013, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-6014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:exchange_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_exchange_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nexit_if_productname_not_server();\n\nbulletin = 'MS16-108';\nkbs = make_list(\"3184711\", \"3184728\", \"3184736\");\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\ninstall = get_single_install(app_name:\"Microsoft Exchange\");\n\npath = install[\"path\"];\nversion = install[\"version\"];\nrelease = install[\"RELEASE\"];\nif (release != 80 && release != 140 && release != 150 && release != 151)\n audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);\n\nif (!empty_or_null(install[\"SP\"]))\n sp = install[\"SP\"];\nif (!empty_or_null(install[\"CU\"]))\n cu = install[\"CU\"];\n\nif (((release == 150 || release == 151) && isnull(cu)) ||\n (release == 150 && cu != 4 && cu != 12 && cu != 13) ||\n (release == 151 && cu != 1 && cu != 2))\n audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);\n\nif (release == 80)\n{\n kb = \"3184711\";\n if (!empty_or_null(sp) && sp == 3)\n fixedver = \"8.3.485.1\";\n}\nelse if (release == 140)\n{\n kb = \"3184728\";\n if (!empty_or_null(sp) && sp == 3)\n fixedver = \"14.3.319.2\";\n}\nelse if (release == 150) # 2013 SP1 AKA CU4\n{\n kb = \"3184736\";\n if (cu == 4)\n fixedver = \"15.0.847.50\";\n else if (cu == 12)\n fixedver = \"15.0.1178.9\";\n else if (cu == 13)\n fixedver = \"15.0.1210.6\";\n}\nelse if (release == 151) # Exchange Server 2016\n{\n kb = \"3184736\";\n if (cu == 1)\n fixedver = \"15.1.396.37\";\n else if (cu == 2)\n fixedver = \"15.1.466.37\";\n}\n\nif (fixedver && hotfix_is_vulnerable(path:hotfix_append_path(path:path, value:\"Bin\"), file:\"ExSetup.exe\", version:fixedver, bulletin:bulletin, kb:kb))\n{\n set_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:17", "description": "The remote Oracle Database Server is missing the July 2016 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the RDBMS HTTPS Listener package due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2016-3448)\n\n - An unspecified vulnerability exists in the Application Express component that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3467)\n\n - An unspecified vulnerability exists in the Portable Clusterware component that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2016-3479)\n\n - An unspecified vulnerability exists in the Database Vault component that allows a local attacker to impact confidentiality and integrity. (CVE-2016-3484)\n\n - An unspecified vulnerability exists in the DB Sharding component that allows a local attacker to impact integrity. (CVE-2016-3488)\n\n - An unspecified vulnerability exists in the Data Pump Import component that allows a local attacker to to gain elevated privileges. (CVE-2016-3489)\n\n - An unspecified vulnerability exists in the JDBC component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-3506)\n\n - An unspecified vulnerability exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2016-3609)", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "nessus", "title": "Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0204", "CVE-2016-3448", "CVE-2016-3467", "CVE-2016-3479", "CVE-2016-3484", "CVE-2016-3488", "CVE-2016-3489", "CVE-2016-3506", "CVE-2016-3609"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JUL_2016.NASL", "href": "https://www.tenable.com/plugins/nessus/92522", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92522);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-0204\",\n \"CVE-2016-3448\",\n \"CVE-2016-3467\",\n \"CVE-2016-3479\",\n \"CVE-2016-3484\",\n \"CVE-2016-3488\",\n \"CVE-2016-3489\",\n \"CVE-2016-3506\",\n \"CVE-2016-3609\"\n );\n script_bugtraq_id(\n 71936,\n 91842,\n 91867,\n 91874,\n 91885,\n 91890,\n 91894,\n 91898,\n 91905\n );\n script_xref(name:\"CERT\", value:\"243585\");\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Database Server is missing the July 2016 Critical\nPatch Update (CPU). It is, therefore, affected by multiple\nvulnerabilities :\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists in the\n RDBMS HTTPS Listener package due to the support of weak\n EXPORT_RSA cipher suites with keys less than or equal to\n 512 bits. A man-in-the-middle attacker may be able to\n downgrade the SSL/TLS connection to use EXPORT_RSA\n cipher suites which can be factored in a short amount of\n time, allowing the attacker to intercept and decrypt the\n traffic. (CVE-2015-0204)\n\n - An unspecified vulnerability exists in the Application\n Express component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2016-3448)\n\n - An unspecified vulnerability exists in the Application\n Express component that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2016-3467)\n\n - An unspecified vulnerability exists in the Portable\n Clusterware component that allows an unauthenticated,\n remote attacker to cause a denial of service condition.\n (CVE-2016-3479)\n\n - An unspecified vulnerability exists in the Database\n Vault component that allows a local attacker to impact\n confidentiality and integrity. (CVE-2016-3484)\n\n - An unspecified vulnerability exists in the DB Sharding\n component that allows a local attacker to impact\n integrity. (CVE-2016-3488)\n\n - An unspecified vulnerability exists in the Data Pump\n Import component that allows a local attacker to to gain\n elevated privileges. (CVE-2016-3489)\n\n - An unspecified vulnerability exists in the JDBC\n component that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2016-3506)\n\n - An unspecified vulnerability exists in the OJVM\n component that allows an authenticated, remote attacker\n to execute arbitrary code. (CVE-2016-3609)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"oracle_rdbms_cpu_func.inc\");\n\n################################################################################\n# JUL2016\npatches = make_nested_array();\n\n# RDBMS 12.1.0.2\npatches[\"12.1.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.160719\", \"CPU\", \"23054246, 23144544\");\npatches[\"12.1.0.2\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.160719\", \"CPU\", \"23530387\");\n# RDBMS 12.1.0.1 #\npatches[\"12.1.0.1\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.160719\", \"CPU\", \"23054354\");\npatches[\"12.1.0.1\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.160719\", \"CPU\", \"23530410\");\n# RDBMS 11.2.0.4 #\npatches[\"11.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.160719\", \"CPU\", \"23177648, 23054359\");\npatches[\"11.2.0.4\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.160719\", \"CPU\", \"23530402\");\n\n# JVM 12.1.0.2\npatches[\"12.1.0.2\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.160719\", \"CPU\", \"23177536\");\npatches[\"12.1.0.2\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.160719\", \"CPU\", \"23515290\");\n# JVM 12.1.0.1\npatches[\"12.1.0.1\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.160719\", \"CPU\", \"23177541\");\npatches[\"12.1.0.1\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.160719\", \"CPU\", \"23515285\");\n# JVM 11.2.0.4\npatches[\"11.2.0.4\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.160719\", \"CPU\", \"23177551\");\npatches[\"11.2.0.4\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.160719\", \"CPU\", \"23515277\");\n\ncheck_oracle_database(patches:patches, high_risk:TRUE);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:24", "description": "Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. (CVE-2016-5440)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. (CVE-2016-3459)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. (CVE-2016-5439)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. (CVE-2016-3477)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. (CVE-2016-3614)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. (CVE-2016-3615)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. (CVE-2016-3521)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. (CVE-2016-3486)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. (CVE-2016-3501)", "cvss3": {}, "published": "2016-08-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : mysql56 (ALAS-2016-737)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3459", "CVE-2016-3477", "CVE-2016-3486", "CVE-2016-3501", "CVE-2016-3521", "CVE-2016-3614", "CVE-2016-3615", "CVE-2016-5439", "CVE-2016-5440"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mysql56", "p-cpe:/a:amazon:linux:mysql56-bench", "p-cpe:/a:amazon:linux:mysql56-common", "p-cpe:/a:amazon:linux:mysql56-debuginfo", "p-cpe:/a:amazon:linux:mysql56-devel", "p-cpe:/a:amazon:linux:mysql56-embedded", "p-cpe:/a:amazon:linux:mysql56-embedded-devel", "p-cpe:/a:amazon:linux:mysql56-errmsg", "p-cpe:/a:amazon:linux:mysql56-libs", "p-cpe:/a:amazon:linux:mysql56-server", "p-cpe:/a:amazon:linux:mysql56-test", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-737.NASL", "href": "https://www.tenable.com/plugins/nessus/93015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-737.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93015);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-3459\", \"CVE-2016-3477\", \"CVE-2016-3486\", \"CVE-2016-3501\", \"CVE-2016-3521\", \"CVE-2016-3614\", \"CVE-2016-3615\", \"CVE-2016-5439\", \"CVE-2016-5440\");\n script_xref(name:\"ALAS\", value:\"2016-737\");\n\n script_name(english:\"Amazon Linux AMI : mysql56 (ALAS-2016-737)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related to\nServer: RBR. (CVE-2016-5440)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related to\nServer: InnoDB. (CVE-2016-3459)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote administrators to affect availability via vectors related to\nServer: Privileges. (CVE-2016-5439)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nlocal users to affect confidentiality, integrity, and availability via\nvectors related to Server: Parser. (CVE-2016-3477)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Security: Encryption. (CVE-2016-3614)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: DML. (CVE-2016-3615)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Types. (CVE-2016-3521)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: FTS. (CVE-2016-3486)\n\nUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier allows\nremote authenticated users to affect availability via vectors related\nto Server: Optimizer. (CVE-2016-3501)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-737.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mysql56' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-bench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mysql56-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-bench-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-common-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-debuginfo-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-devel-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-embedded-devel-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-errmsg-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-libs-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-server-5.6.32-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mysql56-test-5.6.32-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql56 / mysql56-bench / mysql56-common / mysql56-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:53", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2016-2105 - possible overflow in base64 encoding\n\n - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate\n\n - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC\n\n - fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n\n - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO\n\n - fix CVE-2016-0799 - memory issues in BIO_printf\n\n - fix CVE-2016-0702 - side channel attack on modular exponentiation\n\n - fix CVE-2016-0705 - double-free in DSA private key parsing\n\n - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn\n\n - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n\n - disable SSLv2 in the generic TLS method\n\n - fix 1-byte memory leak in pkcs12 parse (#1229871)\n\n - document some options of the speed command (#1197095)\n\n - fix high-precision timestamps in timestamping authority\n\n - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n\n - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK identity hint", "cvss3": {}, "published": "2016-05-16T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2015-7575", "CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:openssl", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0049.NASL", "href": "https://www.tenable.com/plugins/nessus/91154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0049.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91154);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3194\", \"CVE-2015-3195\", \"CVE-2015-3196\", \"CVE-2015-3197\", \"CVE-2015-7575\", \"CVE-2016-0702\", \"CVE-2016-0705\", \"CVE-2016-0797\", \"CVE-2016-0799\", \"CVE-2016-2105\", \"CVE-2016-2106\", \"CVE-2016-2107\", \"CVE-2016-2108\", \"CVE-2016-2109\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2016-2105 - possible overflow in base64 encoding\n\n - fix CVE-2016-2106 - possible overflow in\n EVP_EncryptUpdate\n\n - fix CVE-2016-2107 - padding oracle in stitched AES-NI\n CBC-MAC\n\n - fix CVE-2016-2108 - memory corruption in ASN.1 encoder\n\n - fix CVE-2016-2109 - possible DoS when reading ASN.1 data\n from BIO\n\n - fix CVE-2016-0799 - memory issues in BIO_printf\n\n - fix CVE-2016-0702 - side channel attack on modular\n exponentiation\n\n - fix CVE-2016-0705 - double-free in DSA private key\n parsing\n\n - fix CVE-2016-0797 - heap corruption in BN_hex2bn and\n BN_dec2bn\n\n - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement\n\n - disable SSLv2 in the generic TLS method\n\n - fix 1-byte memory leak in pkcs12 parse (#1229871)\n\n - document some options of the speed command (#1197095)\n\n - fix high-precision timestamps in timestamping authority\n\n - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2\n\n - fix CVE-2015-3194 - certificate verify crash with\n missing PSS parameter\n\n - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak\n\n - fix CVE-2015-3196 - race condition when handling PSK\n identity hint\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000459.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"openssl-1.0.1e-48.el6_8.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:28", "description": "The version of Oracle Secure Global Desktop installed on the remote host is 4.63, 4.71, or 5.2 and is missing a security patch from the July 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities :\n\n - An integer overflow condition exists in the X Server subcomponent in the read_packet() function due to improper validation of user-supplied input when calculating the amount of memory required to handle returned data. A remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability only affects versions 4.71 and 5.2. (CVE-2013-2064)\n\n - A carry propagating flaw exists in the OpenSSL subcomponent in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An attacker can exploit this to obtain sensitive information regarding private keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in file rsa_ameth.c when handling ASN.1 signatures that use the RSA PSS algorithm but are missing a mask generation function parameter. A remote attacker can exploit this to cause the signature verification routine to crash, leading to a denial of service. (CVE-2015-3194)\n\n - A key disclosure vulnerability exists in the OpenSSL subcomponent due to improper handling of cache-bank conflicts on the Intel Sandy-bridge microarchitecture.\n An attacker can exploit this to gain access to RSA key information. (CVE-2016-0702)\n\n - A NULL pointer dereference flaw exists in the OpenSSL subcomponent in the BN_hex2bn() and BN_dec2bn() functions. A remote attacker can exploit this to trigger a heap corruption, resulting in the execution of arbitrary code. (CVE-2016-0797)\n\n - Multiple memory corruption issues exist in the OpenSSL subcomponent that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0799)\n\n - A heap buffer overflow condition exists in the OpenSSL subcomponent in the EVP_EncodeUpdate() function within file crypto/evp/encode.c that is triggered when handling a large amount of input data. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2016-2105)\n\n - Multiple flaws exist in the OpenSSL subcomponent in the aesni_cbc_hmac_sha1_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha1.c and the aesni_cbc_hmac_sha256_cipher() function in file crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered when the connection uses an AES-CBC cipher and AES-NI is supported by the server. A man-in-the-middle attacker can exploit these to conduct a padding oracle attack, resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - An unspecified flaw exists in the OpenSSL subcomponent that allows a remote attacker to execute arbitrary code. (CVE-2016-3613)", "cvss3": {}, "published": "2016-07-25T00:00:00", "type": "nessus", "title": "Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2064", "CVE-2015-3193", "CVE-2015-3194", "CVE-2016-0702", "CVE-2016-0797", "CVE-2016-0799", "CVE-2016-2105", "CVE-2016-2107", "CVE-2016-3613"], "modified": "2021-10-25T00:00:00", "cpe": ["cpe:/a:oracle:virtualization_secure_global_desktop"], "id": "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/92543", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92543);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\n \"CVE-2013-2064\",\n \"CVE-2015-3193\",\n \"CVE-2015-3194\",\n \"CVE-2016-0702\",\n \"CVE-2016-0797\",\n \"CVE-2016-0799\",\n \"CVE-2016-2105\",\n \"CVE-2016-2107\",\n \"CVE-2016-3613\"\n );\n script_bugtraq_id(\n 60148,\n 78623,\n 83755,\n 83763,\n 89757,\n 89760,\n 91856\n );\n script_xref(name:\"EDB-ID\", value:\"39768\");\n\n script_name(english:\"Oracle Secure Global Desktop Multiple Vulnerabilities (July 2016 CPU)\");\n script_summary(english:\"Checks the version of Oracle Secure Global Desktop.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Secure Global Desktop installed on the remote\nhost is 4.63, 4.71, or 5.2 and is missing a security patch from the\nJuly 2016 Critical Patch Update (CPU). It is, therefore, affected by\nthe following vulnerabilities :\n\n - An integer overflow condition exists in the X Server\n subcomponent in the read_packet() function due to\n improper validation of user-supplied input when\n calculating the amount of memory required to handle\n returned data. A remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. Note that this vulnerability only\n affects versions 4.71 and 5.2. (CVE-2013-2064)\n\n - A carry propagating flaw exists in the OpenSSL\n subcomponent in the x86_64 Montgomery squaring\n implementation that may cause the BN_mod_exp() function\n to produce incorrect results. An attacker can exploit\n this to obtain sensitive information regarding private\n keys. (CVE-2015-3193)\n\n - A NULL pointer dereference flaw exists in the OpenSSL\n subcomponent in file rsa_ameth.c when handling ASN.1\n signatures that use the RSA PSS algorithm but are\n missing a mask generation function parameter. A remote\n attacker can exploit this to cause the signature\n verification routine to crash, leading to a denial of\n service. (CVE-2015-3194)\n\n - A key disclosure vulnerability exists in the OpenSSL\n subcomponent due to improper handling of cache-bank\n conflicts on the Intel Sandy-bridge microarchitecture.\n An attacker can exploit this to gain access to RSA key\n information. (CVE-2016-0702)\n\n - A NULL pointer dereference flaw exists in the OpenSSL\n subcomponent in the BN_hex2bn() and BN_dec2bn()\n functions. A remote attacker can exploit this to trigger\n a heap corruption, resulting in the execution of\n arbitrary code. (CVE-2016-0797)\n\n - Multiple memory corruption issues exist in the OpenSSL\n subcomponent that allow a remote attacker to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-0799)\n\n - A heap buffer overflow condition exists in the OpenSSL\n subcomponent in the EVP_EncodeUpdate() function within\n file crypto/evp/encode.c that is triggered when handling\n a large amount of input data. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2016-2105)\n\n - Multiple flaws exist in the OpenSSL subcomponent in the\n aesni_cbc_hmac_sha1_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha1.c and the\n aesni_cbc_hmac_sha256_cipher() function in file\n crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered\n when the connection uses an AES-CBC cipher and AES-NI\n is supported by the server. A man-in-the-middle attacker\n can exploit these to conduct a padding oracle attack,\n resulting in the ability to decrypt the network traffic.\n (CVE-2016-2107)\n\n - An unspecified flaw exists in the OpenSSL subcomponent\n that allows a remote attacker to execute arbitrary\n code. (CVE-2016-3613)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?453b5f8c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3613\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:virtualization_secure_global_desktop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_secure_global_desktop_installed.nbin\");\n script_require_keys(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Oracle Secure Global Desktop\";\nversion = get_kb_item_or_exit(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n# this check is for Oracle Secure Global Desktop packages built for Linux platform\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (\"Linux\" >!< uname) audit(AUDIT_OS_NOT, \"Linux\");\n\nfix_required = NULL;\n\nif (version =~ \"^5\\.20($|\\.)\") fix_required = 'Patch_52p6';\nelse if (version =~ \"^4\\.71($|\\.)\") fix_required = 'Patch_471p9';\nelse if (version =~ \"^4\\.63($|\\.)\") fix_required = 'Patch_463p9';\n\nif (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, \"Oracle Secure Global Desktop\", version);\n\npatches = get_kb_list(\"Host/Oracle_Secure_Global_Desktop/Patches\");\n\npatched = FALSE;\nforeach patch (patches)\n{\n if (patch == fix_required)\n {\n patched = TRUE;\n break;\n }\n}\n\nif (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + fix_required + ')');\n\nreport = '\\n Installed version : ' + version +\n '\\n Patch required : ' + fix_required +\n '\\n';\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:58", "description": "The remote host has a version of McAfee Firewall Enterprise installed that is affected by multiple vulnerabilities in the OpenSSL library :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows a remote attacker to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with dtls1_get_record() when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)", "cvss3": {}, "published": "2015-03-13T00:00:00", "type": "nessus", "title": "McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2019-11-22T00:00:00", "cpe": ["x-cpe:/a:mcafee:firewall_enterprise"], "id": "MCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL", "href": "https://www.tenable.com/plugins/nessus/81815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81815);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\"\n );\n script_bugtraq_id(\n 71934,\n 71935,\n 71936,\n 71937,\n 71939,\n 71940,\n 71941,\n 71942\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10102\");\n\n script_name(english:\"McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)\");\n script_summary(english:\"Checks the version of MFE.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of McAfee Firewall Enterprise installed\nthat is affected by multiple vulnerabilities in the OpenSSL library :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows a remote attacker to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists with\n dtls1_get_record() when handling DTLS messages. A remote\n attacker, using a specially crafted DTLS message, can\n cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record()\n when handling a saturation of DTLS records containing\n the same number sequence but for the next epoch. This\n allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch referenced in the vendor security\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0205\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:mcafee:firewall_enterprise\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_firewall_enterprise_version.nbin\");\n script_require_keys(\"Host/McAfeeFE/version\", \"Host/McAfeeFE/version_display\", \"Host/McAfeeFE/installed_patches\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"McAfee Firewall Enterprise\";\nversion = get_kb_item_or_exit(\"Host/McAfeeFE/version\");\nversion_display = get_kb_item_or_exit(\"Host/McAfeeFE/version_display\");\ninstalled_patches = get_kb_item_or_exit(\"Host/McAfeeFE/installed_patches\");\n\nhotfixmap = make_array(\n \"^7\\.\" , \"70103E65\" ,\n \"^8\\.2\\.1(\\.|$)\" , \"8.2.1E133\" ,\n \"^8\\.3\\.1(\\.|$)\" , \"8.3.1E68\" ,\n \"^8\\.3\\.2(\\.|$)\" , \"8.3.2E37\"\n);\n\ndisp_name = make_array(\n \"70103E65\" , \"7.0.1.03 ePatch 65\",\n \"8.2.1E133\" , \"8.2.1 ePatch 133\",\n \"8.3.1E68\" , \"8.3.1 ePatch 68\",\n \"8.3.2E37\" , \"8.3.2 ePatch 37\"\n);\n\nhotfix = NULL;\nname = NULL;\n\nforeach vergx (keys(hotfixmap))\n{\n if(version =~ vergx)\n {\n hotfix = hotfixmap[vergx ];\n name = disp_name[hotfix];\n break;\n }\n}\n\nif(isnull(hotfix) || (hotfix =~ \"(^|,)[\\d\\.]+?E\\d+?($|,)\" && installed_patches !~ \"(^|,)[\\d\\.]+?E\\d+?($|,)\"))\n audit(AUDIT_INST_VER_NOT_VULN, version_display);\n\nif (hotfix >!< installed_patches)\n{\n port = 0;\n\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed Version : ' + version_display +\n '\\n Patched Version : ' + name +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, name, app_name);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:14", "description": "New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.", "cvss3": {}, "published": "2015-01-12T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:openssl", "p-cpe:/a:slackware:slackware_linux:openssl-solibs", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-009-01.NASL", "href": "https://www.tenable.com/plugins/nessus/80443", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-009-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80443);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3569\", \"CVE-2014-3570\", \"CVE-2014-3571\", \"CVE-2014-3572\", \"CVE-2014-8275\", \"CVE-2015-0204\", \"CVE-2015-0205\", \"CVE-2015-0206\");\n script_xref(name:\"SSA\", value:\"2015-009-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New openssl packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.782231\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0defa4b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl and / or openssl-solibs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:openssl-solibs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"0.9.8zd\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"openssl-solibs\", pkgver:\"1.0.1k\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:17:00", "description": "Security Fix(es) :\n\n - Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.\n (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)\n\n - Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.\n (CVE-2016-3500, CVE-2016-3508)\n\n - Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20160720)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3458", "CVE-2016-3500", "CVE-2016-3508", "CVE-2016-3550", "CVE-2016-3587", "CVE-2016-3598", "CVE-2016-3606", "CVE-2016-3610"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0

Oracle Critical Patch Update - July 2016

Description

Related