Oracle Critical Patch Update Advisory - July 2017

2018-03-20T00:00:00

Description

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories. **Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.** This Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2282980.1>). Please note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS). This Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.

{"id": "ORACLE:CPUJUL2017", "type": "oracle", "bulletinFamily": "software", "title": "Oracle Critical Patch Update Advisory - July 2017", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "published": "2018-03-20T00:00:00", "modified": "2017-07-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://www.oracle.com/security-alerts/cpujul2017.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2011-2730", "CVE-2013-2027", "CVE-2014-0224", "CVE-2014-1912", "CVE-2014-3566", "CVE-2014-3571", "CVE-2015-0235", "CVE-2015-0254", "CVE-2015-0286", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3253", "CVE-2015-5254", "CVE-2015-7501", "CVE-2015-7940", "CVE-2015-8607", "CVE-2015-8608", "CVE-2016-0635", "CVE-2016-1181", "CVE-2016-1950", "CVE-2016-1979", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-2834", "CVE-2016-3092", "CVE-2016-3506", "CVE-2016-4430", "CVE-2016-4431", "CVE-2016-4433", "CVE-2016-4436", "CVE-2016-4438", "CVE-2016-4465", "CVE-2016-5019", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6814", "CVE-2016-7052", "CVE-2016-7055", "CVE-2017-10000", "CVE-2017-10001", "CVE-2017-10002", "CVE-2017-10003", "CVE-2017-10004", "CVE-2017-10005", "CVE-2017-10006", "CVE-2017-10007", "CVE-2017-10008", "CVE-2017-10009", "CVE-2017-10010", "CVE-2017-10011", "CVE-2017-10012", "CVE-2017-10013", "CVE-2017-10015", "CVE-2017-10016", "CVE-2017-10017", "CVE-2017-10018", "CVE-2017-10019", "CVE-2017-10020", "CVE-2017-10021", "CVE-2017-10022", "CVE-2017-10023", "CVE-2017-10024", "CVE-2017-10025", "CVE-2017-10027", "CVE-2017-10028", "CVE-2017-10029", "CVE-2017-10030", "CVE-2017-10031", "CVE-2017-10032", "CVE-2017-10035", "CVE-2017-10036", "CVE-2017-10038", "CVE-2017-10039", "CVE-2017-10040", "CVE-2017-10041", "CVE-2017-10042", "CVE-2017-10043", "CVE-2017-10044", "CVE-2017-10045", "CVE-2017-10046", "CVE-2017-10047", "CVE-2017-10048", "CVE-2017-10049", "CVE-2017-10052", "CVE-2017-10053", "CVE-2017-10056", "CVE-2017-10057", "CVE-2017-10058", "CVE-2017-10059", "CVE-2017-10061", "CVE-2017-10062", "CVE-2017-10063", "CVE-2017-10064", "CVE-2017-10067", "CVE-2017-10069", "CVE-2017-10070", "CVE-2017-10071", "CVE-2017-10072", "CVE-2017-10073", "CVE-2017-10074", "CVE-2017-10075", "CVE-2017-10076", "CVE-2017-10078", "CVE-2017-10079", "CVE-2017-10080", "CVE-2017-10081", "CVE-2017-10082", "CVE-2017-10083", "CVE-2017-10084", "CVE-2017-10085", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10088", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10091", "CVE-2017-10092", "CVE-2017-10093", "CVE-2017-10094", "CVE-2017-10095", "CVE-2017-10096", "CVE-2017-10097", "CVE-2017-10098", "CVE-2017-10100", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10103", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10106", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10112", "CVE-2017-10113", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10119", "CVE-2017-10120", "CVE-2017-10121", "CVE-2017-10122", "CVE-2017-10123", "CVE-2017-10125", "CVE-2017-10126", "CVE-2017-10128", "CVE-2017-10129", "CVE-2017-10130", "CVE-2017-10131", "CVE-2017-10132", "CVE-2017-10133", "CVE-2017-10134", "CVE-2017-10135", "CVE-2017-10136", "CVE-2017-10137", "CVE-2017-10141", "CVE-2017-10142", "CVE-2017-10143", "CVE-2017-10144", "CVE-2017-10145", "CVE-2017-10146", "CVE-2017-10147", "CVE-2017-10148", "CVE-2017-10149", "CVE-2017-10150", "CVE-2017-10156", "CVE-2017-10157", "CVE-2017-10160", "CVE-2017-10168", "CVE-2017-10169", "CVE-2017-10170", "CVE-2017-10171", "CVE-2017-10172", "CVE-2017-10173", "CVE-2017-10174", "CVE-2017-10175", "CVE-2017-10176", "CVE-2017-10177", "CVE-2017-10178", "CVE-2017-10179", "CVE-2017-10180", "CVE-2017-10181", "CVE-2017-10182", "CVE-2017-10183", "CVE-2017-10184", "CVE-2017-10185", "CVE-2017-10186", "CVE-2017-10187", "CVE-2017-10188", "CVE-2017-10189", "CVE-2017-10191", "CVE-2017-10192", "CVE-2017-10193", "CVE-2017-10195", "CVE-2017-10196", "CVE-2017-10198", "CVE-2017-10199", "CVE-2017-10200", "CVE-2017-10201", "CVE-2017-10202", "CVE-2017-10204", "CVE-2017-10205", "CVE-2017-10206", "CVE-2017-10207", "CVE-2017-10208", "CVE-2017-10209", "CVE-2017-10210", "CVE-2017-10211", "CVE-2017-10212", "CVE-2017-10213", "CVE-2017-10214", "CVE-2017-10215", "CVE-2017-10216", "CVE-2017-10217", "CVE-2017-10218", "CVE-2017-10219", "CVE-2017-10220", "CVE-2017-10221", "CVE-2017-10222", "CVE-2017-10223", "CVE-2017-10224", "CVE-2017-10225", "CVE-2017-10226", "CVE-2017-10228", "CVE-2017-10229", "CVE-2017-10230", "CVE-2017-10231", "CVE-2017-10232", "CVE-2017-10233", "CVE-2017-10234", "CVE-2017-10235", "CVE-2017-10236", "CVE-2017-10237", "CVE-2017-10238", "CVE-2017-10239", "CVE-2017-10240", "CVE-2017-10241", "CVE-2017-10242", "CVE-2017-10243", "CVE-2017-10244", "CVE-2017-10245", "CVE-2017-10246", "CVE-2017-10247", "CVE-2017-10248", "CVE-2017-10249", "CVE-2017-10250", "CVE-2017-10251", "CVE-2017-10252", "CVE-2017-10253", "CVE-2017-10254", "CVE-2017-10255", "CVE-2017-10256", "CVE-2017-10257", "CVE-2017-10258", "CVE-2017-3529", "CVE-2017-3562", "CVE-2017-3632", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3646", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-5638", "CVE-2017-5647", "CVE-2017-5650", "CVE-2017-5651", "CVE-2017-5689"], "immutableFields": [], "lastseen": "2021-10-22T15:44:24", "viewCount": 35, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_FEB2015_ADVISORY.ASC", "JAVA_JAN2017_ADVISORY.ASC", "JAVA_JULY2017_ADVISORY.ASC", "JAVA_OCT2014_ADVISORY.ASC", "NETTCP_ADVISORY.ASC", "OPENSSL_ADVISORY11.ASC", "OPENSSL_ADVISORY12.ASC", "OPENSSL_ADVISORY13.ASC", "OPENSSL_ADVISORY14.ASC", "OPENSSL_ADVISORY15.ASC", "OPENSSL_ADVISORY17.ASC", "OPENSSL_ADVISORY20.ASC", "OPENSSL_ADVISORY21.ASC", "OPENSSL_ADVISORY23.ASC", "OPENSSL_ADVISORY9.ASC"]}, {"type": "altlinux", "idList": ["06B10784464339E3251E4C3544A48D19", "5465F07D1A6D03822732077D9B208F0B", "6E8B796A6FEE95047EFD1F1579BB3755", "758E6D870DDEA68E74011E577E986457", "A313619150234C546790730041B628B1", "CA02D996C51FDE4696ED5DEAE9A556FD", "E210B5D4B7259AFCE092F9D1D5E8FDD0"]}, {"type": "amazon", "idList": ["ALAS-2014-292", "ALAS-2014-293", "ALAS-2014-349", "ALAS-2014-350", "ALAS-2014-351", "ALAS-2014-426", "ALAS-2014-429", "ALAS-2015-469", "ALAS-2015-471", "ALAS-2015-472", "ALAS-2015-473", "ALAS-2015-480", "ALAS-2015-493", "ALAS-2015-494", "ALAS-2015-498", "ALAS-2015-550", "ALAS-2015-595", "ALAS-2015-614", "ALAS-2015-618", "ALAS-2016-661", "ALAS-2016-667", "ALAS-2016-682", "ALAS-2016-695", "ALAS-2016-702", "ALAS-2016-722", "ALAS-2016-725", "ALAS-2016-728", "ALAS-2016-731", "ALAS-2016-736", "ALAS-2016-749", "ALAS-2016-755", "ALAS-2016-774", "ALAS-2017-791", "ALAS-2017-797", "ALAS-2017-803", "ALAS-2017-821", "ALAS-2017-822", "ALAS-2017-860", "ALAS-2017-869", "ALAS-2017-887", "ALAS-2017-888", "ALAS-2017-936", "ALAS-2018-1016", "ALAS2-2018-1004", "ALAS2-2018-1078"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-2108", "ANDROID:CVE-2016-2182"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-07-01", "ANDROID:2017-03-01", "ANDROID:2017-07-01", "ANDROID:2018-07-01"]}, {"type": "apple", "idList": ["APPLE:0627AF17A33B956DE48ACE757A30BFB9", "APPLE:08DDC9EE4E7DEBCD387FA33304B8E244", "APPLE:30DAD52FE6873B43EFC82661563B56D6", "APPLE:73A5DE43E262286D306BB143FE6D4F15", "APPLE:781D931DB9B2E3B8255557FD7BF0D6F8", "APPLE:87561C7576B031D8E8098D98D5BACF41", "APPLE:B6838750CA6086B150DDD58EB8FAE22A", "APPLE:E8FF9F04ED54DD8E8D5B899FB4A8000E", "APPLE:F15BAD0991243C5F3BD7A363EA796E0C", "APPLE:HT206166", "APPLE:HT206167", "APPLE:HT206168", "APPLE:HT206169", "APPLE:HT206903", "APPLE:HT207423", "APPLE:HT207615", "APPLE:HT208144", "APPLE:HT208221"]}, {"type": "archlinux", "idList": ["ASA-201410-6", "ASA-201412-18", "ASA-201501-14", "ASA-201501-15", "ASA-201501-16", "ASA-201501-18", "ASA-201501-19", "ASA-201501-2", "ASA-201501-20", "ASA-201501-22", "ASA-201501-23", "ASA-201503-16", "ASA-201503-17", "ASA-201506-3", "ASA-201512-2", "ASA-201601-32", "ASA-201601-33", "ASA-201603-9", "ASA-201605-3", "ASA-201605-4", "ASA-201607-9", "ASA-201609-21", "ASA-201609-23", "ASA-201609-24", "ASA-201609-28", "ASA-201609-30", "ASA-201609-7", "ASA-201611-6", "ASA-201701-36", "ASA-201701-37", "ASA-201708-8"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BAM-18242", "ATLASSIAN:BAM-21216", "ATLASSIAN:BSERV-8977", "ATLASSIAN:CONF-44226", "ATLASSIAN:CONFSERVER-44226", "ATLASSIAN:CWD-4879", "ATLASSIAN:JRA-61885", "ATLASSIAN:JRASERVER-61885", "ATLASSIAN:JRASERVER-64394", "ATLASSIAN:JRASERVER-65102", "ATLASSIAN:JRASERVER-70686", "BAM-18242", "BAM-21216", "CONFSERVER-44226", "CWD-4879", "JRASERVER-61885", "JRASERVER-64394", "JRASERVER-65102", "JRASERVER-70686"]}, {"type": "attackerkb", "idList": ["AKB:204BCEFC-4695-439C-9E28-64968B6E1CCB", "AKB:289DC3CE-ED8A-4366-89F0-46E148584C36", "AKB:38474044-13DA-4165-A8D4-86867CA68D83", "AKB:5355349E-B12C-4352-8564-6886EE50CE60", "AKB:70FA909E-B9D0-4B61-B54F-9639E5A20E3E", "AKB:9AB03E2E-596C-490F-8DCB-1A41D344A5AD", "AKB:BDF59C15-D64F-45D5-B1AC-D1B9DD354080"]}, {"type": "canvas", "idList": ["JBOSS6_JMXINVOKERSERVLET_DESERIALIZE", "STRUTS_OGNL", "WEBLOGIC_T3_DESERIALIZATION"]}, {"type": "centos", "idList": ["CESA-2014:0624", "CESA-2014:0625", "CESA-2014:0626", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0066", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085", "CESA-2015:0090", "CESA-2015:0092", "CESA-2015:0715", "CESA-2015:0716", "CESA-2015:1115", "CESA-2015:1197", "CESA-2015:1330", "CESA-2015:1695", "CESA-2015:2521", "CESA-2015:2522", "CESA-2015:2616", "CESA-2015:2617", "CESA-2015:2671", "CESA-2016:0301", "CESA-2016:0302", "CESA-2016:0370", "CESA-2016:0371", "CESA-2016:0372", "CESA-2016:0591", "CESA-2016:0684", "CESA-2016:0685", "CESA-2016:0722", "CESA-2016:0996", "CESA-2016:1137", "CESA-2016:1421", "CESA-2016:1422", "CESA-2016:1538", "CESA-2016:1609", "CESA-2016:1613", "CESA-2016:1940", "CESA-2016:2045", "CESA-2016:2046", "CESA-2016:2599", "CESA-2016:2779", "CESA-2017:0180", "CESA-2017:0269", "CESA-2017:0286", "CESA-2017:1789", "CESA-2017:2192", "CESA-2017:2424", "CESA-2017:2486", "CESA-2017:3080", "CESA-2017:3081", "CESA-2017:3392", "CESA-2018:2123", "CESA-2018:2439"]}, {"type": "cert", "idList": ["VU:257823", "VU:419128", "VU:491375", "VU:577193", "VU:797896", "VU:834067", "VU:967332", "VU:978508"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1616", "CPAI-2014-1909", "CPAI-2015-0039", "CPAI-2015-0075", "CPAI-2015-0494", "CPAI-2015-0994", "CPAI-2015-1158", "CPAI-2015-1313", "CPAI-2016-0349", "CPAI-2016-0516", "CPAI-2016-0601", "CPAI-2016-0607", "CPAI-2016-0684", "CPAI-2016-0821", "CPAI-2016-0822", "CPAI-2016-0970", "CPAI-2016-1089", "CPAI-2017-0151", "CPAI-2017-0197", "CPAI-2017-0399", "CPAI-2017-0676", "CPAI-2019-1132"]}, {"type": "checkpoint_security", "idList": ["CPS:SK101186", "CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK104443", "CPS:SK105062"]}, {"type": "chrome", "idList": ["GCSA-4830242147321115275"]}, {"type": "cisa", "idList": ["CISA:9066702332FCD5766AB41E06EAD9991B", "CISA:E8C8F007DF2A448F84459142FD8D46F7", "CISA:F0D9A1ED5C31628B8E6D1E5F3AD609C4"]}, {"type": "cisco", "idList": ["CISCO-SA-20140605-OPENSSL", "CISCO-SA-20141015-POODLE", "CISCO-SA-20141211-CVE-2014-8730", "CISCO-SA-20150128-GHOST", "CISCO-SA-20150310-SSL", "CISCO-SA-20150320-OPENSSL", "CISCO-SA-20150612-OPENSSL", "CISCO-SA-20151204-OPENSSL", "CISCO-SA-20160129-OPENSSL", "CISCO-SA-20160504-OPENSSL", "CISCO-SA-20160927-OPENSSL", "CISCO-SA-20161114-OPENSSL", "CISCO-SA-20170130-OPENSSL", "CISCO-SA-20170310-STRUTS2", "CISCO-SA-20170512-INTELAMT"]}, {"type": "citrix", "idList": ["CTX140876", "CTX200238", "CTX200391", "CTX212736", "CTX216642", "CTX233832"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0207AE2406224805196D7BD19402D596", "CFOUNDRY:1DFE9585B9C1AAABE38F2402F4352EFD", "CFOUNDRY:1EE86C629ABCD63B886F991BBE5E0A75", "CFOUNDRY:2612C84317452E216670EAF7C553C9D4", "CFOUNDRY:387B2BBB51760E1FFD4562D4008446F7", "CFOUNDRY:5C300E479531E65B86D1CE2C330F61A9", "CFOUNDRY:63DB340A742A21A8EFB20A9452A0EDD2", "CFOUNDRY:927660022E9A31CE680A6AE3AFF33997", "CFOUNDRY:ACE3C7E4A01EEFAC1C8D47279076DC77", "CFOUNDRY:AD540ACDC64FEEBCEACBD411658380CA", "CFOUNDRY:C2B8B89ADB85BB41095EAA7D88C0E350", "CFOUNDRY:F006390335E44CFEC69607A8E9BE3B62", "CFOUNDRY:FD6E339752BA328AA16F0962172B55EF"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}, {"type": "cve", "idList": ["CVE-2011-2730", "CVE-2013-2027", "CVE-2014-0224", "CVE-2014-1912", "CVE-2014-3566", "CVE-2014-3571", "CVE-2014-8730", "CVE-2015-0235", "CVE-2015-0254", "CVE-2015-0286", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2774", "CVE-2015-3195", "CVE-2015-3197", "CVE-2015-3253", "CVE-2015-3571", "CVE-2015-3642", "CVE-2015-4078", "CVE-2015-5254", "CVE-2015-5377", "CVE-2015-5537", "CVE-2015-7501", "CVE-2015-7940", "CVE-2015-8607", "CVE-2015-8608", "CVE-2016-0635", "CVE-2016-1000100", "CVE-2016-1000101", "CVE-2016-1000102", "CVE-2016-1000106", "CVE-2016-1181", "CVE-2016-1950", "CVE-2016-1979", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-2834", "CVE-2016-3092", "CVE-2016-3197", "CVE-2016-3506", "CVE-2016-4430", "CVE-2016-4431", "CVE-2016-4433", "CVE-2016-4436", "CVE-2016-4438", "CVE-2016-4465", "CVE-2016-4694", "CVE-2016-5019", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6814", "CVE-2016-7052", "CVE-2016-7055", "CVE-2017-10000", "CVE-2017-10001", "CVE-2017-10002", "CVE-2017-10003", "CVE-2017-1000394", "CVE-2017-10004", "CVE-2017-10005", "CVE-2017-10006", "CVE-2017-10007", "CVE-2017-10008", "CVE-2017-10009", "CVE-2017-10010", "CVE-2017-10011", "CVE-2017-10012", "CVE-2017-10013", "CVE-2017-10015", "CVE-2017-10016", "CVE-2017-10017", "CVE-2017-10018", "CVE-2017-10019", "CVE-2017-10020", "CVE-2017-10021", "CVE-2017-10022", "CVE-2017-10023", "CVE-2017-10024", "CVE-2017-10025", "CVE-2017-10027", "CVE-2017-10028", "CVE-2017-10029", "CVE-2017-10030", "CVE-2017-10031", "CVE-2017-10032", "CVE-2017-10035", "CVE-2017-10036", "CVE-2017-10038", "CVE-2017-10039", "CVE-2017-10040", "CVE-2017-10041", "CVE-2017-10042", "CVE-2017-10043", "CVE-2017-10044", "CVE-2017-10045", "CVE-2017-10046", "CVE-2017-10047", "CVE-2017-10048", "CVE-2017-10049", "CVE-2017-10052", "CVE-2017-10053", "CVE-2017-10056", "CVE-2017-10057", "CVE-2017-10058", "CVE-2017-10059", "CVE-2017-10061", "CVE-2017-10062", "CVE-2017-10063", "CVE-2017-10064", "CVE-2017-10067", "CVE-2017-10069", "CVE-2017-10070", "CVE-2017-10071", "CVE-2017-10072", "CVE-2017-10073", "CVE-2017-10074", "CVE-2017-10075", "CVE-2017-10076", "CVE-2017-10078", "CVE-2017-10079", "CVE-2017-10080", "CVE-2017-10081", "CVE-2017-10082", "CVE-2017-10083", "CVE-2017-10084", "CVE-2017-10085", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10088", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10091", "CVE-2017-10092", "CVE-2017-10093", "CVE-2017-10094", "CVE-2017-10095", "CVE-2017-10096", "CVE-2017-10097", "CVE-2017-10098", "CVE-2017-10100", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10103", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10106", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10112", "CVE-2017-10113", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10119", "CVE-2017-10120", "CVE-2017-10121", "CVE-2017-10122", "CVE-2017-10123", "CVE-2017-10125", "CVE-2017-10126", "CVE-2017-10128", "CVE-2017-10129", "CVE-2017-10130", "CVE-2017-10131", "CVE-2017-10132", "CVE-2017-10133", "CVE-2017-10134", "CVE-2017-10135", "CVE-2017-10136", "CVE-2017-10137", "CVE-2017-10141", "CVE-2017-10142", "CVE-2017-10143", "CVE-2017-10144", "CVE-2017-10145", "CVE-2017-10146", "CVE-2017-10147", "CVE-2017-10148", "CVE-2017-10149", "CVE-2017-10150", "CVE-2017-10156", "CVE-2017-10157", "CVE-2017-10160", "CVE-2017-10168", "CVE-2017-10169", "CVE-2017-10170", "CVE-2017-10171", "CVE-2017-10172", "CVE-2017-10173", "CVE-2017-10174", "CVE-2017-10175", "CVE-2017-10176", "CVE-2017-10177", "CVE-2017-10178", "CVE-2017-10179", "CVE-2017-10180", "CVE-2017-10181", "CVE-2017-10182", "CVE-2017-10183", "CVE-2017-10184", "CVE-2017-10185", "CVE-2017-10186", "CVE-2017-10187", "CVE-2017-10188", "CVE-2017-10189", "CVE-2017-10191", "CVE-2017-10192", "CVE-2017-10193", "CVE-2017-10195", "CVE-2017-10196", "CVE-2017-10198", "CVE-2017-10199", "CVE-2017-10200", "CVE-2017-10201", "CVE-2017-10202", "CVE-2017-10204", "CVE-2017-10205", "CVE-2017-10206", "CVE-2017-10207", "CVE-2017-10208", "CVE-2017-10209", "CVE-2017-10210", "CVE-2017-10211", "CVE-2017-10212", "CVE-2017-10213", "CVE-2017-10214", "CVE-2017-10215", "CVE-2017-10216", "CVE-2017-10217", "CVE-2017-10218", "CVE-2017-10219", "CVE-2017-10220", "CVE-2017-10221", "CVE-2017-10222", "CVE-2017-10223", "CVE-2017-10224", "CVE-2017-10225", "CVE-2017-10226", "CVE-2017-10228", "CVE-2017-10229", "CVE-2017-10230", "CVE-2017-10231", "CVE-2017-10232", "CVE-2017-10233", "CVE-2017-10234", "CVE-2017-10235", "CVE-2017-10236", "CVE-2017-10237", "CVE-2017-10238", "CVE-2017-10239", "CVE-2017-10240", "CVE-2017-10241", "CVE-2017-10242", "CVE-2017-10243", "CVE-2017-10244", "CVE-2017-10245", "CVE-2017-10246", "CVE-2017-10247", "CVE-2017-10248", "CVE-2017-10249", "CVE-2017-10250", "CVE-2017-10251", "CVE-2017-10252", "CVE-2017-10253", "CVE-2017-10254", "CVE-2017-10255", "CVE-2017-10256", "CVE-2017-10257", "CVE-2017-10258", "CVE-2017-3529", "CVE-2017-3562", "CVE-2017-3632", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3646", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3738", "CVE-2017-5638", "CVE-2017-5647", "CVE-2017-5650", "CVE-2017-5651", "CVE-2017-5689", "CVE-2017-5698", "CVE-2018-1310"]}, {"type": "debian", "idList": ["DEBIAN:390904FFE148E120DF4B08FAFECE0584:DD9E5", "DEBIAN:9DE5BE8B4A3901853E275481E780A803:00C17", "DEBIAN:DLA-1043-1:42E7A", "DEBIAN:DLA-1043-1:9386A", "DEBIAN:DLA-1073-1:1EC51", "DEBIAN:DLA-1073-1:DB329", "DEBIAN:DLA-132-1:941A7", "DEBIAN:DLA-139-1:543FA", "DEBIAN:DLA-139-1:5734D", "DEBIAN:DLA-157-1:370F5", "DEBIAN:DLA-177-1:BC085", "DEBIAN:DLA-1883-1:3E939", "DEBIAN:DLA-247-1:99960", "DEBIAN:DLA-25-1:0FCA7", "DEBIAN:DLA-274-1:EF71E", "DEBIAN:DLA-282-1:F03D5", "DEBIAN:DLA-358-1:3BE9B", "DEBIAN:DLA-361-1:E2323", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-421-1:B4088", "DEBIAN:DLA-456-1:BB65D", "DEBIAN:DLA-472-1:66A23", "DEBIAN:DLA-472-2:D2F48", "DEBIAN:DLA-480-1:4EC2A", "DEBIAN:DLA-527-1:B37F2", "DEBIAN:DLA-527-1:B8001", "DEBIAN:DLA-528-1:BE307", "DEBIAN:DLA-528-1:C8771", "DEBIAN:DLA-529-1:758C3", "DEBIAN:DLA-529-1:DC84D", "DEBIAN:DLA-553-1:16DE8", "DEBIAN:DLA-553-1:43AA7", "DEBIAN:DLA-568-1:8A8F4", "DEBIAN:DLA-568-1:8D4E9", "DEBIAN:DLA-637-1:F8314", "DEBIAN:DLA-749-1:7CC58", "DEBIAN:DLA-794-1:03B62", "DEBIAN:DLA-794-1:D63E0", "DEBIAN:DLA-81-1:C60A9", "DEBIAN:DLA-814-1:045BE", "DEBIAN:DLA-814-1:7031E", "DEBIAN:DLA-924-1:68694", "DEBIAN:DLA-924-1:83322", "DEBIAN:DLA-924-2:C1101", "DEBIAN:DLA-924-2:CBAD6", "DEBIAN:DSA-2504-1:AEED7", "DEBIAN:DSA-2880-1:28B7E", "DEBIAN:DSA-2950-1:15DF5", "DEBIAN:DSA-2950-2:DC295", "DEBIAN:DSA-3053-1:A743E", "DEBIAN:DSA-3125-1:14B8F", "DEBIAN:DSA-3125-1:8906F", "DEBIAN:DSA-3142-1:A3964", "DEBIAN:DSA-3144-1:1ABE5", "DEBIAN:DSA-3147-1:2E393", "DEBIAN:DSA-3197-1:88E12", "DEBIAN:DSA-3197-1:95CA8", "DEBIAN:DSA-3197-2:1B781", "DEBIAN:DSA-3197-2:E7D2C", "DEBIAN:DSA-3253-1:0C444", "DEBIAN:DSA-3287-1:1A401", "DEBIAN:DSA-3413-1:0CE34", "DEBIAN:DSA-3413-1:12F1F", "DEBIAN:DSA-3417-1:682B4", "DEBIAN:DSA-3417-1:D5725", "DEBIAN:DSA-3441-1:C093B", "DEBIAN:DSA-3441-1:CE181", "DEBIAN:DSA-3489-1:1F09B", "DEBIAN:DSA-3489-1:3D620", "DEBIAN:DSA-3501-1:79D28", "DEBIAN:DSA-3501-1:90F82", "DEBIAN:DSA-3510-1:F3E38", "DEBIAN:DSA-3520-1:A2087", "DEBIAN:DSA-3524-1:E8A15", "DEBIAN:DSA-3566-1:D74F5", "DEBIAN:DSA-3576-1:22B82", "DEBIAN:DSA-3609-1:174EB", "DEBIAN:DSA-3611-1:6D627", "DEBIAN:DSA-3611-1:F53EF", "DEBIAN:DSA-3614-1:2E149", "DEBIAN:DSA-3614-1:AC7F6", "DEBIAN:DSA-3623-1:17EF0", "DEBIAN:DSA-3623-1:720E2", "DEBIAN:DSA-3631-1:30BAB", "DEBIAN:DSA-3673-1:477A4", "DEBIAN:DSA-3673-2:ACCEF", "DEBIAN:DSA-3673-2:FD8F0", "DEBIAN:DSA-3688-1:3F736", "DEBIAN:DSA-3773-1:2A1F5", "DEBIAN:DSA-3842-1:1036A", "DEBIAN:DSA-3842-1:DA193", "DEBIAN:DSA-3843-1:1AF3C", "DEBIAN:DSA-3843-1:ECCB8", "DEBIAN:DSA-3919-1:5F02D", "DEBIAN:DSA-3922-1:71332", "DEBIAN:DSA-3922-1:CA63B", "DEBIAN:DSA-3944-1:135E3", "DEBIAN:DSA-3944-1:A4058", "DEBIAN:DSA-3954-1:BB1DA", "DEBIAN:DSA-3955-1:3203D", "DEBIAN:DSA-3955-1:FFC41", "DEBIAN:DSA-4005-1:3D72F", "DEBIAN:SSL-:00C17", "DEBIAN:SSL-:DD9E5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-2027", "DEBIANCVE:CVE-2014-0224", "DEBIANCVE:CVE-2014-1912", "DEBIANCVE:CVE-2014-3566", "DEBIANCVE:CVE-2014-3571", "DEBIANCVE:CVE-2015-0235", "DEBIANCVE:CVE-2015-0286", "DEBIANCVE:CVE-2015-1788", "DEBIANCVE:CVE-2015-1789", "DEBIANCVE:CVE-2015-1790", "DEBIANCVE:CVE-2015-1791", "DEBIANCVE:CVE-2015-1792", "DEBIANCVE:CVE-2015-2774", "DEBIANCVE:CVE-2015-3195", "DEBIANCVE:CVE-2015-3197", "DEBIANCVE:CVE-2015-3253", "DEBIANCVE:CVE-2015-5254", "DEBIANCVE:CVE-2015-7501", "DEBIANCVE:CVE-2015-7940", "DEBIANCVE:CVE-2015-8607", "DEBIANCVE:CVE-2015-8608", "DEBIANCVE:CVE-2016-1950", "DEBIANCVE:CVE-2016-1979", "DEBIANCVE:CVE-2016-2105", "DEBIANCVE:CVE-2016-2106", "DEBIANCVE:CVE-2016-2107", "DEBIANCVE:CVE-2016-2108", "DEBIANCVE:CVE-2016-2109", "DEBIANCVE:CVE-2016-2177", "DEBIANCVE:CVE-2016-2178", "DEBIANCVE:CVE-2016-2179", "DEBIANCVE:CVE-2016-2180", "DEBIANCVE:CVE-2016-2181", "DEBIANCVE:CVE-2016-2182", "DEBIANCVE:CVE-2016-2381", "DEBIANCVE:CVE-2016-2834", "DEBIANCVE:CVE-2016-3092", "DEBIANCVE:CVE-2016-5385", "DEBIANCVE:CVE-2016-5387", "DEBIANCVE:CVE-2016-5388", "DEBIANCVE:CVE-2016-6302", "DEBIANCVE:CVE-2016-6303", "DEBIANCVE:CVE-2016-6304", "DEBIANCVE:CVE-2016-6305", "DEBIANCVE:CVE-2016-6306", "DEBIANCVE:CVE-2016-6307", "DEBIANCVE:CVE-2016-6308", "DEBIANCVE:CVE-2016-6309", "DEBIANCVE:CVE-2016-6814", "DEBIANCVE:CVE-2016-7052", "DEBIANCVE:CVE-2016-7055", "DEBIANCVE:CVE-2017-10053", "DEBIANCVE:CVE-2017-10067", "DEBIANCVE:CVE-2017-10074", "DEBIANCVE:CVE-2017-10078", "DEBIANCVE:CVE-2017-10081", "DEBIANCVE:CVE-2017-10086", "DEBIANCVE:CVE-2017-10087", "DEBIANCVE:CVE-2017-10089", "DEBIANCVE:CVE-2017-10090", "DEBIANCVE:CVE-2017-10096", "DEBIANCVE:CVE-2017-10101", "DEBIANCVE:CVE-2017-10102", "DEBIANCVE:CVE-2017-10105", "DEBIANCVE:CVE-2017-10107", "DEBIANCVE:CVE-2017-10108", "DEBIANCVE:CVE-2017-10109", "DEBIANCVE:CVE-2017-10110", "DEBIANCVE:CVE-2017-10111", "DEBIANCVE:CVE-2017-10114", "DEBIANCVE:CVE-2017-10115", "DEBIANCVE:CVE-2017-10116", "DEBIANCVE:CVE-2017-10118", "DEBIANCVE:CVE-2017-10125", "DEBIANCVE:CVE-2017-10129", "DEBIANCVE:CVE-2017-10135", "DEBIANCVE:CVE-2017-10176", "DEBIANCVE:CVE-2017-10187", "DEBIANCVE:CVE-2017-10193", "DEBIANCVE:CVE-2017-10198", "DEBIANCVE:CVE-2017-10204", "DEBIANCVE:CVE-2017-10209", "DEBIANCVE:CVE-2017-10210", "DEBIANCVE:CVE-2017-10233", "DEBIANCVE:CVE-2017-10235", "DEBIANCVE:CVE-2017-10236", "DEBIANCVE:CVE-2017-10237", "DEBIANCVE:CVE-2017-10238", "DEBIANCVE:CVE-2017-10239", "DEBIANCVE:CVE-2017-10240", "DEBIANCVE:CVE-2017-10241", "DEBIANCVE:CVE-2017-10242", "DEBIANCVE:CVE-2017-10243", "DEBIANCVE:CVE-2017-3636", "DEBIANCVE:CVE-2017-3641", "DEBIANCVE:CVE-2017-3653", "DEBIANCVE:CVE-2017-3731", "DEBIANCVE:CVE-2017-3732", "DEBIANCVE:CVE-2017-3738", "DEBIANCVE:CVE-2017-5647", "DEBIANCVE:CVE-2017-5650", "DEBIANCVE:CVE-2017-5651"]}, {"type": "dsquare", "idList": ["E-644"]}, {"type": "erpscan", "idList": ["ERPSCAN-17-037", "ERPSCAN-17-038", "ERPSCAN-17-039", "ERPSCAN-17-040", "ERPSCAN-17-041", "ERPSCAN-17-042"]}, {"type": "exploitdb", "idList": ["EDB-ID:31875", "EDB-ID:35951", "EDB-ID:36421", "EDB-ID:42091", "EDB-ID:42340", "EDB-ID:43385", "EDB-ID:44141", "EDB-ID:46747"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:069C31B8DD5A351921E96252215466D8", "EXPLOITPACK:22AB36B8BB8503098CD2021FD5310DB7", "EXPLOITPACK:302009478677A1FFCEEFA1B54E322132", "EXPLOITPACK:3677CEA2F5D55BD8516ACA2EC17EB7DE", "EXPLOITPACK:8E7AE717DB9D8AE0105415BFDE08CC6D", "EXPLOITPACK:99988BAE0A27143CB886C29FF1A9E24F", "EXPLOITPACK:A023B1E7B9B1ECE48A48E3A7BAB4A7FC"]}, {"type": "f5", "idList": ["F5:K01276005", "F5:K02652550", "F5:K04327352", "F5:K04734043", "F5:K04734219", "F5:K05911127", "F5:K05940857", "F5:K07538415", "F5:K09422508", "F5:K10065173", "F5:K10105323", "F5:K11100332", "F5:K11758085", "F5:K11936401", "F5:K12824341", "F5:K13167034", "F5:K14713331", "F5:K15168792", "F5:K15325", "F5:K15479471", "F5:K15702", "F5:K15882", "F5:K16057", "F5:K16123", "F5:K16317", "F5:K16898", "F5:K16913", "F5:K16914", "F5:K16915", "F5:K16938", "F5:K20145801", "F5:K23230229", "F5:K23489380", "F5:K23512141", "F5:K23630542", "F5:K23873366", "F5:K28418435", "F5:K33209124", "F5:K34681653", "F5:K35104614", "F5:K35543324", "F5:K36488941", "F5:K37526132", "F5:K39272405", "F5:K40444230", "F5:K41815723", "F5:K42185012", "F5:K42219132", "F5:K43451236", "F5:K43570545", "F5:K44512851", "F5:K49000195", "F5:K49233165", "F5:K51473743", "F5:K51663510", "F5:K51920288", "F5:K52342540", "F5:K53084033", "F5:K53756439", "F5:K54211024", "F5:K54747614", "F5:K59298921", "F5:K67190282", "F5:K70844615", "F5:K73071205", "F5:K73761475", "F5:K74605824", "F5:K75152412", "F5:K80513384", "F5:K82392041", "F5:K90492697", "F5:K91024405", "F5:K91100352", "F5:K92307453", "F5:K92930514", "F5:K93135205", "F5:K93278412", "F5:K93600123", "F5:K94700053", "SOL01276005", "SOL02652550", "SOL07538415", "SOL09422508", "SOL11100332", "SOL11758085", "SOL12824341", "SOL13167034", "SOL15168792", "SOL15325", "SOL15479471", "SOL15702", "SOL15882", "SOL16057", "SOL16123", "SOL16317", "SOL16898", "SOL16913", "SOL16914", "SOL16915", "SOL16938", "SOL20145801", "SOL22071504", "SOL23230229", "SOL23512141", "SOL23873366", "SOL33209124", "SOL35543324", "SOL36488941", "SOL39272405", "SOL40444230", "SOL42219132", "SOL49233165", "SOL51663510", "SOL51920288", "SOL54211024", "SOL75152412", "SOL80513384", "SOL82392041", "SOL90492697", "SOL90542710", "SOL91100352", "SOL92930514", "SOL93600123"]}, {"type": "fedora", "idList": ["FEDORA:00A2322B5E", "FEDORA:0309060CF36E", "FEDORA:09F5C6091601", "FEDORA:0FE8860E4374", "FEDORA:13A9D6049716", "FEDORA:13B146087AAB", "FEDORA:13EED60DC938", "FEDORA:1472760748FE", "FEDORA:1BCBD6087EFA", "FEDORA:1E44D601D73E", "FEDORA:235CB60918EC", "FEDORA:28ED3610D7CE", "FEDORA:296366094919", "FEDORA:2AA4A608C00E", "FEDORA:2BE5D60BDFEF", "FEDORA:2C5E66075D89", "FEDORA:2DDF56087EFC", "FEDORA:2F34C6133E02", "FEDORA:30C4560E4589", "FEDORA:30C4A60C450A", "FEDORA:361B46048FC9", "FEDORA:361D5605D56D", "FEDORA:399E16057156", "FEDORA:3AA44605DCD5", "FEDORA:3F80D6061813", "FEDORA:3FE0460875A2", "FEDORA:40D44605DFE4", "FEDORA:4227660CA765", "FEDORA:4329260E587A", "FEDORA:4413E6087D61", "FEDORA:4467B60E6CE0", "FEDORA:44719604F0C3", "FEDORA:44AA5603A529", "FEDORA:45EA7605A34A", "FEDORA:4628A60C3512", "FEDORA:4B961604A720", "FEDORA:4EA2C604D2D3", "FEDORA:4EF2660E458B", "FEDORA:50E7D60F2C0C", "FEDORA:561B260CE121", "FEDORA:568C0605A286", "FEDORA:56D376268FDB", "FEDORA:571176087BA3", "FEDORA:58A826087D72", "FEDORA:58BAF60A0C7C", "FEDORA:6CE3D20E51", "FEDORA:6D641613A08A", "FEDORA:6DCC66067328", "FEDORA:6DE72217A3", "FEDORA:6EB0220FFA", "FEDORA:77E4F6087EA4", "FEDORA:788C960875AE", "FEDORA:7B6536093B4C", "FEDORA:7B6DA60CB977", "FEDORA:7E8A66075F16", "FEDORA:83786606E7EB", "FEDORA:8830E6049DEB", "FEDORA:8DE4F613FFDF", "FEDORA:90B5B61F4FFE", "FEDORA:9242E60D30E0", "FEDORA:9278321934", "FEDORA:955A2608A1F0", "FEDORA:978FF6087D29", "FEDORA:97D036078C28", "FEDORA:997B660D68A4", "FEDORA:9AEBD6087C55", "FEDORA:A16B6608748C", "FEDORA:A3C8D604C8B1", "FEDORA:A69386143D9F", "FEDORA:A8CDA60E1392", "FEDORA:A9C45608786D", "FEDORA:AB2DD6067A04", "FEDORA:ABDD7608A209", "FEDORA:ABF366060B60", "FEDORA:AC832604E903", "FEDORA:AE0456062BDB", "FEDORA:B10C560CDFE0", "FEDORA:B1D43608A1FC", "FEDORA:B2E586062CBD", "FEDORA:B5DC86010236", "FEDORA:B70CB604EC19", "FEDORA:B758360EE970", "FEDORA:B936B608A494", "FEDORA:BC83A6087888", "FEDORA:C277D20308", "FEDORA:C4392608A4B4", "FEDORA:C6B3F60776BE", "FEDORA:CA868607A1CD", "FEDORA:CE4F260CE12E", "FEDORA:CF0AC608B5E3", "FEDORA:CF2EC6087E4E", "FEDORA:CF9346049DCC", "FEDORA:D0BC06087BAD", "FEDORA:D241A60EFAEF", "FEDORA:D331C6087C6A", "FEDORA:D917260C7478", "FEDORA:DDD696087CE5", "FEDORA:E4D7E606D4FC", "FEDORA:E523360D8734", "FEDORA:E67696087B8D", "FEDORA:ED7C56087EF2", "FEDORA:EF85D6078C05", "FEDORA:F25536078C20", "FEDORA:F38FB60CBEE0"]}, {"type": "fortinet", "idList": ["FG-IR-14-018", "FG-IR-14-031", "FG-IR-15-001", "FG-IR-15-008", "FG-IR-15-014", "FG-IR-15-023", "FG-IR-16-026", "FG-IR-16-048", "FG-IR-17-019", "FG-IR-17-173"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF", "03175E62-5494-11E4-9CC1-BC5FF4FB5E7B", "03532A19-D68E-11E6-9171-14DAE9D210B8", "0765DE84-A6C1-11E4-A0C1-C485083CA99C", "0CA24682-3F03-11E6-B3C8-14DAE9D210B8", "0DAD9114-60CC-11E4-9E84-0022156E8794", "32166082-53FA-41FA-B081-207E7A989A0A", "333F655A-B93A-11E5-9EFA-5453ED2E2B49", "3679FD10-C5D1-11E5-B85F-0018FE623F2B", "384FC0B2-0144-11E5-8FDA-002590263BF5", "43EAA656-80BC-11E6-BF52-B499BAEBFEAF", "4AF92A40-DB33-11E6-AE1B-002590263BF5", "4C8D1D72-9B38-11E5-AECE-D050996490D0", "4E536C14-9791-11E4-977D-D050992ECDE8", "50751310-A763-11E6-A881-B499BAEBFEAF", "5AC53801-EC2E-11E3-9CF3-3C970E169BC2", "61B8C359-4AAB-11E6-A7BD-14DAE9D210B8", "67B3FEF2-2BEA-11E5-86FF-14DAE9D210B8", "6F0529E2-2E82-11E6-B2EC-B499BAEBFEAF", "76C7A0F5-5928-11E4-ADC7-001999F8D30B", "8305E215-1080-11E5-8BA2-000C2980A9F3", "862D6AB3-C75E-11E6-9F98-20CF30E32F6D", "8E5E6D42-A0FA-11E3-B09A-080027F2D077", "91A337D8-83ED-11E6-BF52-B499BAEBFEAF", "9D15355B-CE7C-11E4-9DB0-D050992ECDE8", "A258604D-F2AA-11E5-B4A9-AC220BDCEC59", "B6402385-533B-11E6-A7BD-14DAE9D210B8", "C4292768-5273-4F17-A267-C5FE35125CE4", "CA5CB202-4F51-11E6-B2EC-B499BAEBFEAF", "CBCEEB49-3BC7-11E6-8E82-002590263BF5", "CDA2F3C2-6C8B-11E7-867F-B499BAEBFEAF", "D455708A-E3D3-11E6-9940-B499BAEBFEAF", "D9F99491-1656-11E6-94FA-002590263BF5", "F7A9E415-BDCA-11E4-970C-000C292EE6B8"]}, {"type": "gentoo", "idList": ["GLSA-201407-05", "GLSA-201411-10", "GLSA-201503-04", "GLSA-201503-10", "GLSA-201503-11", "GLSA-201506-02", "GLSA-201507-14", "GLSA-201601-05", "GLSA-201605-06", "GLSA-201606-11", "GLSA-201610-01", "GLSA-201611-22", "GLSA-201612-16", "GLSA-201701-36", "GLSA-201701-65", "GLSA-201701-75", "GLSA-201702-07", "GLSA-201705-09", "GLSA-201707-01", "GLSA-201709-22", "GLSA-201802-04", "GLSA-202003-01", "GLSA-202107-39"]}, {"type": "github", "idList": ["GHSA-3GV7-3H64-78CM", "GHSA-4MV7-CQ75-3QJM", "GHSA-6X4W-8W53-XRVV", "GHSA-7JW3-5Q4W-89QG", "GHSA-9785-W233-X6HV", "GHSA-9HG2-395J-83RM", "GHSA-F7F6-XRWC-9C57", "GHSA-FVM3-CFVJ-GXQQ", "GHSA-J77Q-2QQG-6989", "GHSA-M6CH-GG5F-WXX3", "GHSA-Q9HR-3PG4-3JP4", "GHSA-QG25-HGJV-CG9Q", "GHSA-V646-RX6W-R3QQ", "GHSA-WV88-PF73-X22P", "GHSA-XPHJ-M9CC-8FMQ"]}, {"type": "gitlab", "idList": ["GITLAB-AF533046A231A5E3F663258365259546"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:1018F8694CC71D28EAB1260365FF3821", "GOOGLEPROJECTZERO:ADFF11EFB87724760A3377733EE703D5"]}, {"type": "hackerone", "idList": ["H1:1271701", "H1:134880", "H1:194761", "H1:197253", "H1:199436", "H1:199438", "H1:199445", "H1:207404", "H1:207457", "H1:216271", "H1:217431", "H1:221785", "H1:221787", "H1:221788", "H1:221789", "H1:221790", "H1:221791", "H1:221792", "H1:288966", "H1:318594", "H1:50885", "H1:73241"]}, {"type": "hp", "idList": ["HP:C04451722", "HP:C04720842", "HP:C05507350"]}, {"type": "httpd", "idList": ["HTTPD:30E0EE442FF4843665FED4FBCA25406A", "HTTPD:BA2AA2F9CA78BCC3B836D2041D1E15B6"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20140613-OPENSSL", "HUAWEI-SA-20141215-01-POODLE", "HUAWEI-SA-20150226-01-GLIBC", "HUAWEI-SA-20160706-01-OPENSSL", "HUAWEI-SA-20170316-01-STRUTS2", "HUAWEI-SA-20170322-01-OPENSSL", "HUAWEI-SA-20170419-01-OPENSSL", "HUAWEI-SA-20170503-01-OPENSSL", "HUAWEI-SA-20170712-01-INTEL", "HUAWEI-SA-20171129-01-HTTPPROXY"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "007E4732B5C858D68314FCBC681F238D11A80EC2685E0C320CE28F1D80CB4ECA", "00C392F80C93B9FD9D5E530029FDB643360FA8C14DBEEED32C8359B1CA0E28A9", "017198847549473B2F1109F9F4CE4C76950F186E9BE5A4FEADE9746A60AB9F69", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "01C2BD6F6CDCD525791E097D5709AFBC3F4837B426F67AE0350485110A1D9824", "03180DAB39E0A4D2F6A125A173EDF5A9BB41D6EC602F0BC77B45013371762493", "031AAD2F4A8A9C4530B608777F7DDA3A6A4ABAEC1F0C0C1398E073B1E0501315", "0327D6322E348CE4D393B14A7F3A3B993755DF0E1581BE7EA7B2EB1703C132DF", "03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756", "04538659F2D47E517CB506D258BBD837F111577F7C1EAE6B24A915799A34897D", "04939D7872591F1C816A7DE5F111F85134561153FA9003099B5DEC6DD54495BA", "04EED2117E1687EB241C7ABC5CB11968429DE85CA86DBFFC8AA9194D5653A8C9", "05202A97BC9D29C1AE1254ED36E3B3DAC56085AA5AAB84E1E14CF73750901F2C", "059BFBBD8CB8F92E03748427F677CBE26E890BA80C56429CEEE0842DFE7AAD52", "05B0DC8D7A3C31970B0CA0F0C0ED5B3A16233221026D8D9A370AF5E7C32B48F0", "065C6267E33F60E263D9B7F689F432B3413883F6EF7A0BE4EDF4BB598847FCFA", "068E4774F9835C8E080EE324144DDF1D362B4CFF31E92E6F3B859DDEBD2C9E8C", "06C07D32B3694B9428DF66A58E914A3888518AA422ACA9C0FBE65C7D07FCACCA", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "072EBEFE4EF574F4A87AC95BEA1237C43CF6D39DDD94C6BD9B965A322BB8CD15", "0751573D2E98D41D9FD5C53D769B2CC3007CDAB9443F2AB513D613437AF611AC", "07A7B6460487838EA6D909CF7053D5F8655D2911E06DDDDB16F801ECCC972111", "09EFBF1EDC3D056A4C55B6D328B0019A52124F7A8C7DCA88E25031BCFD79F86E", "0A94A36BE877692B2F0AB97F5081AA5C3010CDF94C05C7E8B0C0AC4E64BEBA67", "0AB5A9CCDFB8C604D4ADAAA64BE06DEC4E17E1D4FDDE56566BA83011AF4C59A2", "0BB0F39865741AB9E1AFB9CA3C5508F7FB9BEACECB805F04C6C6B336AA66617E", "0BFFC8DA3D20D61485D3B937CF8B08468DB94C6B523B29DE9871511B28C3EEAE", "0C0CCA72486D24634C199E09AA3461D9A894E25EB43C3E1735E0C1DEC7D01678", "0C1A8A8F899BAD393CEAEFB362E8BA638024D8C0B7B920D545CE843E1DAA23DC", "0C2BB43DF89AB651EB4868C14225E174A83EBF22C74E30A0801125F7BAB5FEA4", "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "0C789A293EDA416139FC93A0F98B711533975F4FF301F513B32B4DA1FA748C6A", "0C850FECD02720FE8E127F730E7172757B14E40919BABE4F7D431689A5B199DB", "0CB790755A86B581A38C5E6BE6E3A26223CD5CF0D217D9AF43702EEF9E45DABD", "0CB9447A86F4E057E6BCCE438A998B8AC6A17C94584F25C62A55D07D5D528CE3", "0CD3C55D23EF6A3854413D6B77B0308F73405F8CB242F8337158678FAB58DBC5", "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "0D459600B092B85E783E0A6371C3E1BFEDCD18BC648ACAA512F5FB9EF050A910", "0DA16010754F6A3A66E6070FF741D701A7AD021EAE93340A6584612005BFDA0C", "0DF839027A7A83944AED405EF5358D384C769915E69942AEC7BBE50E937AE134", "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "0E96665079E56894EA39AFB24283955B35E3838213DCD87205604F5B1858EEA7", "0EDBD09066818302150073FA499E426B9E1E957BDBE65933BB41C32EAC61E483", "0EE17D440C828A2F1F3F9C3FDE6036B28E45371AB043D8D00888155801644813", "0EF44D7BEF5C03959E950CB614519995F2E867A8D23700F1A140791E7A71940E", "0F43BB36AD1D0D815B83F74EC5F61DCBB6C382A430E1F7C0D57C2E7E33AC6700", "0F4490A26A7A5960275AF6437143D350A19CD931C617E64E2575EA3E557FDA61", "0F66A0EBF2BB354FEE49365A0BFF63BC3375F7D75B03AEC0D3A10E90CC949472", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "10A1C628C399C86E24C9D6A9B3952A5B25FBBB7072A52C80458F472DD864A956", "11390CB718AAB91F0124AD7F77F9F328F95343F49BC262D8B24BAD7F96BBAC7D", "11452E38010E945A0FE01EFC4554F3798D8F99A1582985B386C674085821DFEE", "11592D9DCAA011680C29B921E2A42B40FF6A1F45E552F96621474C6DFC8D1F66", "11A86E6641297DAF1F727CB55B1F67C48A1B3D5E2E1EF8DAADBD7B84B7DAA777", "121AD16C8E6DC137F59BC7099DCBB94073B1DAF243EA01F065B73DC33C59F7CD", "124BC5B239FE67EC0AE43A8E0F0918B0BA544E977E72754946EBD146C916D64C", "12780044E1A62D25F913723FBCBD5B926E91CC9AC8CA8FAA1DCE18D02D152689", "129E5B62D60732128A0EC19397E58D4329EE7F4D46AC1C97DF6F8DFCAEB8C3C7", "12B9606883D777AD06410C5B2DCE288332F54BBAFC06CB8B2BE8FBD2CB2271FA", "12CC2B1AEAB57337E1D36E3D35D006E93F9D019551301EEB68A17B62851521CB", "12D9F191717460AECB934B007F4CDE9698A96A4B8B98144C3F39DD87E57929EA", "1381DDC2EB11D20FD35FD5133E3BDD2833703D883F98CAA012F0CFBF823F4A6D", "13F00230B493C3686E89942E64907F497BD16EC400D563B1E916EC82CF0C2ECE", "142CC78D456D60E4C1854BC0E93F8802FF4122A7CF6BFD85E457671E02B96A45", "154959AD312743D0405AEAA761D472891EC4AB0DB42D62DF98414A64862177AA", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "159D15015A041EA5EFA6FE85663F44A48D3FD8F7BFC0631512B9DEB34EB3436A", "160974CCBC12FDC44262159FC9737359086DF0317D260FA132DE5D77C6CF279E", "173149C2862A76C3B05901A2E9C6C47516A51FB293E9B22E259A50A96D934C7C", "1736B585D80ED031E004E1AC38E590615C7E0F6FE6AB8A15B1B90CB8EC998277", "17AD7BAA4B4B92B376991EA6E2FDE807376B44743890E9D9B34CC80855CC7FB1", "17C5F79C4C7AA38B0382C6A83D3B5EB17A334C042A875A99DDFEE93B8FCB82B0", "1815BD265DEB0EE550962E1526DA1FE75BACA3823A20A4BCDA8ED078F9EC9C8D", "186826DEC64CEF861CABB6400E9E91E4A3DA403061721894238F233211663F6F", "19014976708B59CA6D0D38BD53FC83A65A328CD06A0D3047C00AD7FB2745CD32", "191ED0FC710CC29D37F2021F055C5B6E215B0D429C955179B8D16255149183CC", "19836CFD4B17D54261C87EA5080CE00A6A0B8431CD9312140526446DBADCF9AE", "19E7CCA2109CC5A3B3DA0F4448A131CA12DB092BA0296A6E61E4E3FBDF15126E", "19FAFF710B3E3738F8567DADBCF7C6BE9748A2C12CD349CA0B858BA9A26AB606", "1A977E1D46AE4CB4B7068DB341125931FAD75C28D6703503973FFF9BE917887F", "1AB6C87822449F337525790F64ED73FED1F21D5955D5FB57AD3579D521F600BC", "1B615B06AF39A95422F30CAF419B626D94016FBDC601EA95B7F345E31460BCB4", "1BF3F83E9C70EE854C61B8530F6C49C87B34D98B653CF9884D471690F1C364D6", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1C7571B870C8E0F53BD1021F740C140F42C5E17DC0CF9E67A9EA518C91C58FE9", "1C8642514B80CD34963C6F71980044917E14636767959F77FE5B38BC3F0358D3", "1CC7A3B18C6A6840C27A5AD471020D77EDB5E679DE0DE0349AD85905B0A529BC", "1CDDAF9A5BDC499624F48C6A4A87E60ABBC6A591C8C97B4DDE9A84AF6CC390F8", "1CE1873D341DC0598173C04330383D7C8134E99FE843208AA8E4DE46AF520220", "1D7A9620014C4105B221C6CDF92C1FEE1B525AEE56A16CA716E6FAE637E873E0", "1DE7092CF9D2A8FB7DFACA0A7C7F1059AD777887626F8CCEB4DE7037CB46AC68", "1DEC7FD30C92434624557BDD1128B37921411BD17E6CDC7FBA2302EF3CDB8DDF", "1E8933569F7AACD6AB5F73196F8930386DBFB5F49E264DAFEB5AC02CAFAFCCD1", "217AD57E5C1FAC3730E024994E1234D1250A4FF57E69934C31E56E564849786E", "21FB4E6484CD2C557315381AFCF80B167506D975B8CF95E078BEB82443AF7256", "2244436F502BD4ED1C081FDC68E7A71143D7F9B0E35067F1C1C77FB61470EC9B", "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "23F4B88FE854F6472AF6E49BDCFC4F4C04A4941FED4D1CBE852D4468308A73E7", "24DE392F9B4B89C883DC909827BC436E7C7A47BF77F4D69F8D7486A3A0254322", "256D69C6A8C49FA921BFF6BD50DAECC1F4BFD09962DC3AA698602171A4AF9305", "257FE3C03DF1EAAF4C91B06A98D64FF55D1CBD8F44963992BA87CE378431E9ED", "25A108BB00669C6AFB7F493C12E44D6EEF88BF241A2EA038F40197F15B5975F3", "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "2666C659D997588714E14C01634C94F0B9A9EF963A2F6BD072D0D717E4DAB9DA", "26CE7C1AAFA750AEA550E154567083BB107029164FBC8A538FD7AE568423A32C", "2747E3830DAF51B2780DB9863A2F1C153F8615DBA44A0B3E6AC2214663DF92F9", "278449A61CC496D82BDDFC1CAF85DB977FFA3B5E21A596C86DA1D7A3581EE922", "27A1E5B4A6BAC9C0C8975B4AC7121E6713961B9C5E1A117D4B57F5B0A298E422", "27B8E9FC98BA91ABC2C10006CF43B0739BDA7A3213E6F5DEF3851A7D59959B97", "27FF124A9F0DA6AEE8BC677A7524268856EF47240EE42055FE5E007169B8EB78", "2830C710B20404D6B16EF9CB8161B321F59F7341D8798630B8603B369CA4ED57", "286F906018056591F4A9027FC1AD845C489369D42499BEA30D89978EDA680EBE", "28DD6503E2D2F42985FA58067AE4CD860E5165D688283BC82590A5DF7DC6F8F0", "28F09F928D8A64947630E0341FDF6E6F1981E04939D0DE4237070C2BDEC2DDA7", "29036B6FEB00571E2FBC00E867150134E5DF9C08AD44F9670B7C8B0109F99570", "29DBB9F1E2675C7D11CD51CF8077BB360E608001AE72FD3BD0BEA1D3E8553096", "2A0289568A16E75438F062DD5447BEE8F462BCBB11E9154045B8CB577F2DD29B", "2A5E5140226F7DD38A791DE1E8EE7913E3512D8FCB1A86411DA5AFF49D8E6F4A", "2B1433F19093121457472DA5DF5E52AE542DBD8F435969C34F49B9AE9E8A2D1C", "2BB93AE1C7A3B73A6491F3A66D7F39AEF96849CFFB0026B650053C816A375F8C", "2CA33B5BD21F2253669F339F2C348AF4F0B1E434C8AB06288D44EBA6EFABAF63", "2CCCFECF7034A5A1D355B5AC5A6B9921B110FA2AC9C433FE292E8D3F30B1DBB1", "2CE5E1CBE3AFA84EF6B6144C280719D2B5CB99A981541A17994F64EECC23CFE7", "2D09370BF63380E5E37DA1E8FB27AD00A3CDFF81E6CB708DD97920A5020FAA74", "2D559605991F1CA79052D638B7A30228E86D07AFDF258611970D276D5AA39F4B", "2D6ABFD773A139FAF4A5896B0D244FEA196722BEDC26C16CCA61755624C6067D", "2DD38E427DB50FDA5C4D07F52BDC62BA35206BA44BC185595E39ACAE88DD41C5", "2DF4487CB3C4D7660AFDC280F9C0E84F0C2D6C5F4A2207259A023074EA35AD70", "2E77519DC296010534657E6685399645E3688DDB75C1903A1ED7B83A0135B27C", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2E9D4568B743B9BD75F8462B4F4198F10C55ACF509C02151171249327D3AA277", "2F044E6D3403CF1CE244F404A02D2A1E0F016AD4BEEC5C72C153F07E02439876", "2F16303A6714ED6245EB041C18095D82C87D626C125467F6110490A6D850FA20", "2F35E2DCF5381942547832B4E8BA479A4689FC1FBB9AE66EECD61ED3FA34CEA8", "2F4353DF684AD6726CB9491220A703D4AD06D4406D7B35BEBCB2D4EE11863E10", "2F9EB7050356C406E631B5274AEC53CACCB554C8B5CBCF823A2680028726AAAC", "2FACB142191F430AA0E02427A99B713A65BBC1222912675BBD7E0214DE6B1E59", "2FE4FAEC11A5A595193A03B9D60E81D9623A26BB5D27D6ACC64201D05E5AFAA9", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "301B538BBFC46479C631567610002A3C90A71686F341C9C711106324BEB1487D", "3048CBA7FDCF53E63595104F24F428E3014DB1EE5B3AE7E450E0E0C06E5736BB", "308A05F5B1028A741D58EC30AC13C7A0A2B660380B87E8811177772F0014DA1B", "309C257881EC1B262C362A51A26ED2456552A2DE0687635F17746EA2BB9A63D6", "30CE29210480BEEC2EB282BC15979827A9D22FD02B9CEC9C7CA1BFF2E6B78BD1", "30F31D61B76815116E40D478A4FF3D7F4375DE5C3DE9AF0D9789BB84723A1B12", "328EA4EC6B75924B9BAF1379828755E57421F5DD51277D579C2833A7289B6F85", "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "32EB8BE682985EED6CDB1D2FE6AAA4C3E1F475A6C6763236F416CF5D1908DDD8", "33DC4939270E2A88F09BC157B6DD9FD1AEDE5010D716C89FA15BCAECDEF82690", "33E52A9DBA086DB5F19823F05F8C90D67F5E51BC57A3C8537AD400586116D7ED", "340A46633C57BC64A513C7574F7A78D6AB2EB22FC581AFEB2E64A95AF1A94932", "34AB6D6D15816E142F80D91517900A17DDA91DDBA48EE54CE98D3BB991F889F6", "356FE57EA65A13321D1E838C9735B06928F0572E0C6AB0955DE122FCE0F71789", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "35E8926C22ED4C3243C1B5C02680DD61921D50FF6BE976433A3D51EB64E6BBB8", "362D62C684CC4EC1C14D4239144C432AC6F62E6231DC7416F6DEB9B4ED0F1853", "363661231CDCF5535EBC32F147EBEEC8D838F947C18CFF4C8F592EC472A3B7D6", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "366FA55EE0B09B40AABB041DB433F5E49FC0E42F7988440387EBE3EED9DBAE91", "36B9584E17AA5AF2507B4055D315F6471C0FAEB4DA5E11B3981F0D14B6267101", "370720DD138E7F0A22E9D2EC7B9B753467F08D4E08DA37215653D937EDB0E545", "374411ADB66A6B6C60B3EE4DE9977ADF2AE7482BB4DDC9927957858BCCD39B02", "38458D3770070EAF0DF6F2EB778DE85F403B99890EB0B69F4B9333DB4492B9FB", "3899BD4528C3DED11372760AAF676C3C87D98D5142D95E7CEE23A06644E3B197", "3918C76EC7F53EFDF9D130FFCD6246ECA57AF2056C25E6C5539574FCFF5D00AA", "3996F61A39895C8BF5DB89481CC4F649E2B90762965374C8A32E5395AE4CF526", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "39C9A1E43EB70658FE71D01538582B5D0389F6360A624E0B8B800D6692A15BC0", "39CAE5EE9A0F3DE219E28E6A3BE90E3B8E089FF2AA4C74E8BE3A4E2714716AC5", "39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211", "3B9F6F5E9D79A8020104EEF5D0CC94C720D4533CBD170B94B66F7CFE87D9D97F", "3BD924AB1914D06D60F032CE4061B3FB0D5473ECAA7B3D99C2DF77F4E5E7546B", "3BDC1951491764B9241BA7E569405C94AE82117E613B77CEC82583F5DFA66470", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3C630E87CC8A98E980FC5838CF94096C676B99FA65014F79A0F1057053EEB9E0", "3C86E9E9B80CE61FF34A70463FC2C9E86F96058B677B896D64601306CA1E6DE0", "3CC341F512B972FA400DC2567F88C930644A1B4BA4DC7920EA85D111D730075C", "3CFF13ADA1D4912594BB3AC9D0D9ACB17881A208B1AD8998A1E8BD64DD6C5268", "3D12006C995C2C683E173419369377B400C7252133E8CFEEEC83E09104078893", "3D495863CA9052A253553495AD9BF5657CD32718E02FC42A34798DA66AAB223D", "3D4CFBE81D9A6464F4AAC6F1D7E2E055CFF75F5E68D18F1B3154B9120325E8BD", "3D6246498CACCFF52D92DB28CC2A02DAA7ACB4972B156DE4B6CB298BFF2A769E", "3D737E91C4B3785D05EA6B518DF81A98A3D897F7446C9E2969F3A9E22A7F3BF4", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3D8B3E5AED8F71EEDEBD1FA1200BCA1ACD2E6E31D2F51811AA482BFACE6985B6", "3DF4EFFCBD4398CD9D2C6995C59DEC9020B7665B1A75D2B23F0CFA94C34BBB8A", "3DFE6203DB59955492FEFDC3D6D48EBB07936D0F880BA3893D07DEEAC6EC7CD2", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3F80F1C5995CB0E287AB72B1E8BF8C924AB58095FF03363465C1CD78E76837BF", "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "3FECBC639ADFEB79371F9900171834D9C0E821EFFB9AE772387931314E921F6F", "40143F0DA50617F5EA31C30CAE6F6341059E3F031BCE0BC7DBD9F120A3C1F432", "4072C39942198FA288CA301A6C2F9213A715552B7A9DD1177F87322136D13270", "40AF05CBD3BBA604933F6C61D164EE39373BD16E9C951A8CF9EE0D2970B196AB", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "4251BF902F30002559A2470251FAA93C93CABCBD376ACE3187498BEE3465AB24", "4278728D85C79F2084FC36711DAAF10C86E475C8E6940F2111DD155F1C48C0FA", "42AE91380DCB3B179D17D9079FE0F75521810DC3E151069826D9442130A7A4DC", "42CD8D3219EBB2F9262228248E591AEF8A347AA1D644C8C78B1E5CF0F08F3525", "42D646B79963AF25FA8B3CA92924FF944D6CEFEE6BB53EA1B494E00FCE0E6877", "42DE03BFB60C7C03EC762C5A65E3D234775F9BF3F573DA84DD08CF37B63769A5", "4337F9AE4A5A2285A37D88E12A5DAC941D106D987FD93F7005C756BEB07720F5", "43EA7D9D017D774D32A0D197F345A2CCB9AC632F5A3F17E7D34A94C65782172D", "44581CEFAAC57F6BA083046E8D17AC3B05F7A3FDCFB70055DF3548236FC99CA6", "448B36431D70C2FF876FBEC8D7CD3B51B5042A64B4AF7EEA7903D392CD01A757", "4532C7DA73DC2406AD4939A367B9E0C64E210793FA8F9E24679585A36617A133", "45A3D9451D9A042B4B823F72CB8D2728FECCB3D99F3D358EB95D984F7675F955", "45B6B8918A8181B5A49A84FAA6E92F7A2E7BD43FCDEF0ECCDE18648925EDF627", "4600571F6CE1CC296F684423035AFED51CBAFA3DBC1C24C76426526C65C05901", "46799FCDE18E3EFD375868A79B70BC4BEDEC133C2495D8AA8CF81D91E7DEF01A", "467A4726E3E7AEF66C203B003944DA9B03EEFBD2B1D75CD15AF1455C2AF4B2E8", "470FB53E20DCF01D3FF4FB7251C5868A5D215FF7480131C88B1F5C06E159D01A", "47991D9067F3E8EA600E55446199432814A0D6200FFC38923B70F21CE2691318", "47EA320BD697B3B3A010CEFFA26D721AAEFB370CE3B13E7AFAD938F617DCA5F0", "4809400533FD6C30023AE955C69A543142E0C7DF76FF919FD4AE1E2A5EE20F64", "494EAC6DED2AE35E21EE2CDDCCEF3D9DC2E0A6224046209E48AE5CA445191511", "494FCFB7068CB9C9CEB3FE685DE60B86133F530BABAFDA1274F0A594D23B03AC", "4963186BE138D19FC5CE3A9EC49741FA3283976A86D6A9F4F6118FB16B669419", "4A2C5224A5D45C6378C117215B6377F5D1277DE19E121950C3A6023758C715BC", "4A325EAEADE0B2570B74B5CC599F3C1975F694E5A8FF485F9EF08D83AF509833", "4A5BA6F806D70D220D317E2FD1565C67DD9D79F0CCCC6F2EE1DF9D7FEAB9A24F", "4ABE735EBCBD6C52080276A3E247C08772B265E93CBF7D83609E0D7945CAE44D", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4BD0DFC4EA5C8F35DAE1CAB11062FBDF5B950423CAC42536F2727916ED8065D5", "4C800D760232A012AE25AED7F8AFCFF9E3EF3D9D48D3614E764CC6588F221519", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "4CDD83266FF71A2D23AED46DC63B0A8C380FFEBAD67E6B7B0148CA59E8672206", "4D46555CC0823FE00CE69BB661E3C164ECC9C67FF1657E99090AA350CB0CD0FB", "4D5E32921B9FDA0BABDB9FC856CA2C16B6015205472E4B5A027576A1AC49A0F6", "4D77034014EA28691F31F1A1AD3A78E0638E8CE056EBC57C6A804415C796E31B", "4DB330CE9E158474D6EDD110D8F288EDB381271E5DF52947EB7AAE87876AE2E8", "4DCD65078718A8D516F2EEE878B45FE5D131D6C4D4010E935F3E6A750A6D9BB3", "4E0CF71A698515A29D0ACA1BB71EC6A8B109B50F539EF3517671ABF65450A55C", "4E0EFF0D013B3FFE7E5660259848A887BD9155BA19EF19DA0730D3AB081E99C4", "4E170B8FD5682769ED75972FAE0552F568BCBFC890B02D2B0B3E378720026C6B", "4E2827C7B66E5750B0EA21231A352254C3192453528CBEDD0F4F230B934557F2", "4E95B5EB959CBE5490B90287812FD445A690A3158E83D37882EADCE4A7BCD44F", "4EA215B3645DDAC4FD37F8734C45AA03E711B96215D9E5BD79734DA548CB9D4D", "4EF9332DC41BD9A19557ED28E080D548C37B2564308E9B4AFC6661AE1FF86428", "4EF982C974766057C7B93AEAB363E572E77E92BC1EDE757D6871ACBFAED6158D", "4F6FB5501A3A3DEBC541BF8B696E71B1DC215ACD088489CF6E93DFD00FFE1F27", "5007847C128F9E3D31BFC95E261F4152F6B9DD1551B91A8CBFE6C1F12E8909A7", "5049E0390F7FB17FC4FB6FCDA949E23241366872E7987B7D22194E73DA48367A", "50F17354A0A89B52C1E061D02F78509C6F34AF2860DC46D6DFC82469E2AB6C29", "517ED6B46A2D3B0E04DDB4B6B9CD4302B2390BD38C3C1127A87B5CADA67CA8DF", "51ED8EF86AC075C84B5BED5CBA3B714C6F6D9491A369900A6371ADC37EE2C3CD", "523E603F9CB6DAA625DE97BC3524132F098EBC21A31108A9EFFCA3DA83C39A19", "5276D07236F09D5D4E1A38B4E304BC335E677F2639AAB1A09809E9794F9A17E1", "527B5E90CAB7DAC1C518A59BF77CDE34841C309262297FB18D36716B2A007A6D", "52906CE8C8622E275F3EC86C7AA7E56C8921469551413828E51E81FFDA7567AD", "52BCF84201CEBA012FEF5D806CBEB019BE40DA44E167DE103878B677EE8CAFAB", "5329CD1C63D2F95E92A27532DD149EA30C54823558FD6ECF9F637F7793762B35", "552CCD91DA9A5C1B6B08BED8115E70317A59E9D05C357D2E72183BB05B7E0CE8", "554CE60D81502C7A54AA5DB43B8510FE85C857B252F4973C772C5F8C14862371", "558CAD9A5E5A5DB3D91B699B8E6AFF2BD311D7C60540A03ECC5F9872EA7730EB", "55916A93299C26CEFD57EAC9B4B44B5429F1C0F2F4BD066FC478F53F694F6BE0", "55CEBB9E20A58983B23E3C229BF737495693CC60EFC2B16F3EF9E573880A87C2", "55DACA18AFE52B9657ED6763ECD6310E15A2B6AF470F5EA9C7BA6E971FD15B5B", "55F8F21346EDEA63D23DEC5EBB44C524EAAD84D3EF679B21A46A79265F3AEF5D", "55FA67BCBAA6733CED0D492F89AF1B40789BC45C04CD857041D7C44A7C56ED1E", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "56571F8D8AC469663A4379BD08C051690C597896DF1DC536B036CD0426D8412D", "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "5732370F4F8B5D39FBC3A44413C65B26F02167FF38729A805C868D677C534946", "57AD0C0FC8A00BEEF6E1F3C8A1E152181FB65DFF630150E0DA7D2BBD63A52DB2", "57CBD94F97013E208754F9AF764D3D11B1DD38D12A2436EA761D2BBFEB325C9A", "581C275093B683BB779DBFE1995D5CE6F40E4DDF3105B319DBB43DD3270F0131", "58E33C1549EB4DBC850E6823A153E89AA2B58543688B7109103E107A7E7D2EBE", "5902A41E6B193100253C43987CCC82D3DCB47681EEACDC1CD8E3887329ED5E19", "591E98996DBAEC8DA2E30D3261AADF9BF750C358714362A5B9B9F30A1AC23AB8", "5926B06B5836107355202B59F17921C65906079055E12A028E4DD9F171FCF571", "597C2145694DF5A917E3F9F9BD43AEC462B29FC711E770CD5D9D878B4692E6CD", "5A3DA932C26F9CF8D17B19C1875F653A0891006E087F0D4CB859C81D0D875725", "5A8825AD62C7A9668D229174BBF47E909FDDC63BC31C38BE196932E629C1F298", "5B0B2EDD5203252F048F6F7FEAB4D8B03C3C046A6B06FEEAD861F79A36B2F860", "5B0D973A3FED1AF2D6DC61C906D27DFB052F1D42B4263EA8695D5ECC3E5F9F09", "5B41DEBCF5F49169640E9C46254A5581FA9E8066E153CFC073F7BCB78C863D65", "5B4C19B2CA9D2714AEF1546FC810D709406148AD04288568A5EFCF5FDEF9B2D5", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5BC4A5FEEA0C738AAD077B1B33491400EBDE64B649B6E48142D5D0209905E5FB", "5C71C4B21EF8CF2C7925B0511520A2651B8EF89C97FD0A4F71D6C559935F0CC2", "5C7923D63FE9E28C3232FA5E48C042DF1DAAEFFA269010E68C9B0664FF539864", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "5DAC43403A6D99FD575B46543303C4AE9DDB38B3F55FBF172BDEA1936A1DF2A2", "5DFB309EEACC06B61D408A7963D4B9522D38B36040304E118E4A9237BCD1B461", "5EB502607883E6A042D2D4DC60A0E2A2ACAB576C3EB0BB62E9770B79899F0725", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "5F468E7095FD7CDC6ACB31C903D40522F03AE2C875C15B90AB7E04C796279517", "6097D8015AFBEEA139CD04B0695213519AE407C70058F9CA2120CAD2E9367C6A", "61017E9A33F2AF48C2143A4F8C20339857CDCE271B93772622C33DFBADFDEC1E", "6234195C7E31959F34FEEB3A01B3AE191F8EB55B62E74A9D49559D08BB9DC38C", "62439DA1685C8834EE8D742776B2A816E2F759488A37A2E67FAF819FB474771F", "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "62DB70FCF6301104005FF9FB20C71886DC177ADAE354920858B0940C223989CD", "62FEC94F4A1EACC0867ECD6EE6D6FF73FFB45CC3BB9D7DA893593244E4FA7F26", "6390A51C827FA9826D05D6F22A5DB62BFFC9752CF836C6B898D5F5BEA5C44130", "63DAB7532D89108F5D2DC3FDE381EF3F537B4BD859941C18E4BAD485F5223BE3", "63FB87BD963C802AE05248A5B91A820121637B32C6439BE3685C2E1E04098097", "6470A30C25E8E98A770393E4946FDE7CFE3362A1DD3B87E75F8DB1F7CE3E88A5", "64B144D4864175758E474C638592BB488BADCB42046E3596B8AE3A6B7E68B6BA", "65DC12D6E8E0D53E6ED0AF1F356647C749F500509AAE6E4435FC95F00517F01C", "66015684C1166B9AFC7A09E01337D5D9FE20EF8B62A13053D95EA5EAE5B3DB9B", "661038D02866F33EB6B87BA93B6392F175A00BE95B7EEE223493C4967AEE22D5", "6680272534C119E2F4255DAC0A5F66CF25F5D99D47E9760C164E835E0C60EF0F", "66948D7226670072B6C80EDBCD87927FC5F0AB74B73B5295962AC2691C914CD9", "66E34F1F1268555AFF621DE0835CB61B63CC9DC4AC6ADFFFA92F33FAFD7C7E93", "6771D22CBA4F411B776687E7E7DFC88A07A853D3773656BFD792DBCA38A8939C", "6808EC84BE4A9DD5A0B439C6FCE9D4EA1BDF91E3E0DEBF72E5BEFD925D973E99", "68E7DB3D7E398B2706226213F9B1A94ACD374A065EE9538BCE2CF140B065CB08", "690D239C58B9390FCF645AFD52B371B51B1030E1E9C92B0826778C4F0564517B", "691A7F683AC2496D21C51C44AD02D677C2E591E44FCEE5B5CB44D3527127C663", "69708648D7347A46AB7B2DD1702D4EBF5A57623CDB811A18663D65A9AB17A3C8", "6A2E92D36FABC1D54E354DFAE40C5959271B5DD0561E7165A41D0F6CCD6A7B7C", "6A3D77C5871370931B8EF09D751C43CB7D88D1F4949B0388D3B5C4A8EB90C83D", "6A9D776A5DCA8DC833373833D988E134B60F05259FF378B7B8590B9714CF2ECE", "6AC3D160EBC9B7B2A7A56866F588F05DBD295AB4AE46EB1CD3A574DC726F9423", "6BD8A28B17576E05E0B974C262EB42ADF09E98ACEB21D1D8CF08B3D64F137C36", "6BD8E3DAEA6988B5ECFA9DE1BCC8F44BBFD4AC94E0B6BAB1B72FAC68AE3397B2", "6BFA62BC112FABFA05C6C5C47562FC2C7D3EECB9F385BFCD8A861FE181F02933", "6C0F44079202A6A29F40AF9312C9BF35D7AB32AC9A43F7E92F1C25DAD4A35A55", "6C107A2A52C3CB8C7043BF560ADFEC6B0BE2520229D91A88B3B29AD9C90B1F84", "6C1FFD4C64A90ADEECC342C463AE4A2D627A083EBFD6A4348B199A8C68A07F9C", "6C7AB1012C7AEA493F61B3F3AE6FBBA52E283C9CF0A9AF85B280B9CA9D04A3EC", "6C7EF094F5ADC8D9F28ABF3F2EB18A600C9A1FFD5B394603509AB166F1A6FEE3", "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "6CEF08A1A5A2589C6B108019F507F85264A6994B29790BC8B95F25B7959C7A69", "6D942CB417D4204D06F0CBF19552CC6688E172640D20E82701FCFAE84C9D5423", "6DB274E6F7EB4D6F538135EC07CF4443980A5C2FC8C1652E16833E39D5F430D2", "6DC2079D1DEF1A8376E6BDAF37134721B3E060FBDCEA886AA8D98E93AC31ADC2", "6DFC02A34D3BB730D9CBA6C97A8D3284FFD1FB8F5F3DD7D9B65FE6CA089C2006", "6EE1809EEC7F8E899D29A5D629693347DEF4BE3A98140451F3CFB1F6F3D44734", "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "6F924CE97EAF01A558CD93CA2DE0592B84A0D2E46A023162677BE3BBE85AE3DC", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "7084187D54BEB894DB2BB6F2037591730564A54BC4D8B87EE94BF81E4984B4F5", "70D598FB0EC5B16C61F969E93550D01E02981B6F45DF9C62FFECF6A39D205317", "715F6FCB6F0439BFFCBB62E35AA259E82714E1A115B2957FFCD8F27BEB0EDCA6", "71A473993D401FAFDA20A063C958EB3785E06B0F2833BBEB5FA0B1E2E3123139", "7244A71B9CEBAAC6333AB6E5193FF3AAF53E81390415B542DFF697EE598300A8", "72ECA624F1897E880B20E3BA243FE78C6A66224FD180FE337A72D958F8C9A7F0", "72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740", "72F388362AF41C5685D24932E9104E4D10F2F34B4CB1D6A825C5735F1D4D2178", "73613052C113EE53CC4E1916471E2FCF495F0A7CAD286D9F9DD528B4EA3EB491", "73AC0A21A1C1C6C3987AD6559B838B31C02E7FC2112C00D32E18ABA3B130AC8F", "73F295E4CA98A62DC32C3F4805623BBE6C4CCCD3F58645888D4CF9A556BEE309", "74883CCC877A00E64646F1A01AC3B85889471753497E3ACCE0292F7CF617291F", "74CEE8219E1D60BC6A66BBFFF067E8FF68222101E533A8C6D0FA63EFC99459E2", "7560A74E2926246941C9FBAEBB3EC98EF899CD0E877EBB53F3C2438F3C7CB29A", "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "7582812B2019D5F365B4CCE72C5159BC4809AA9DEEE541E742979D3F6A2D9250", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "76ED8A969B89E917406E6428B20653B4CA4683B94EF0C818185ED8F868517B34", "774447A42E7584CA310C1D881A1B9F22575B31868A10B3206AEFDCC52F166509", "775B57CB49BD54DD08F0B362C9B1350CE27111393E547386D47B85F4B30A09B9", "777F0F4D068445CD2731DBBEDCB91CDA67C414E34826465D084D57BB6B054DF3", "779938A97DD75A10751E55A3B6E010476A868FD02B431E3A808A6AA73C5B9B18", "77FA959464E77CD2D3FEC090679425661D222D831CF3B1C6F715597D8077C55E", "7815923287D3605E67AC20284DABD3E5083AE4394C6377CB50A4EB0B0BE185FF", "787C1621D06EE465998FEBEFA80BA8B6DAEC2388BAF60D434FCE4B04471920AA", "78A64C39F176939E6FD5A7908A5E672F4858F0C8227A3F04047AC1A3364EDC0B", "78B5CDD949B0594AC0F181656CB6536E0B075D4B064576C915C9BFAF10028314", "78CFFC4D2D270C24EEDC9DA3C157BE051A6915432AF4FACB8946F44274B08376", "7903136FDADE495143F71A3E245E756E02882A240487D59EEA3DDB9E21BCC209", "7925A4A82073B74561DC5D50CF078A50AF6B99A79615D52B72210290EF21A39B", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "79D11DDE94D9454365E3AA1412CDBD1A1B8D034E0320882C3AEA0F3D08C2ADD1", "79D43D17D2A976B2C3047912D4E3D7E3AD0E022693AF7355F8D1FB356A1EBD7E", "7A2D893F2FE7F77348033ABAB887687C87DB87D5D3A49EEC764B9B3146F2E94A", "7A49FDE7ADCEF894DC06F7EBB66248A05495BDB4D7DC915D503EF202BBE0A54A", "7A6BB496FE26603B63F0FFBE8159DD77814309FC3C3D3A21AB2E75CCAF01DD1B", "7A811732B34C1BAA3F2209EA69EE01FCACF762E53C22EAE8A8FB7A45B4E7164D", "7AD451AFF17F2B4F6EB9CD3090185A0E80620336B204FFA21179DB7F339B9F8F", "7B6A0EC4B0BDE7D3CCC734AA346757CF04E0ACCB853B4076CEA5505A64B850B6", "7B8C92E9AC4C0844C5F46693E5D64A4DA51AE8805503D286BACEE2AB0D71C389", "7BD03C97D3450FEAE4EB4F8F33140691B9F85B4915C83AFD5212FE881A12ADDA", "7C3075DC61709575BE339C93B34A28129B878401D16A6C0C6F9E1D821614817B", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7C371350C79C6F7596054D8B19A4BAAD069A8ADE699FB847B44E70E03F3D6988", "7C630DEEF9C025461097DE30AF143B45E948D8E848AEF027D365F38629529B0E", "7D14B08C045BFDC910143AB7478EEF037B7EDE9D4C014BE6212BF743A8294BD7", "7DB6C62E3DC8D14093067BD5875A863A8CE74E7D3D322F6342A9C74138ECF9B1", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E0CCCCB457D8A77AB9E189B336C99165EE3DEBFD72C3969F0C1103ED1D1CC6D", "7E2F62106B895325A750D4AC20BF018E0EF2AE3D85B9685ADBC3048C8D7487CA", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7EAF5CB207E5D468583094D39BFEB783DDAF939EF5BB4632C3FB6CBE7F70A7E3", "7ED0FCE37A97F5F651B14591C6C6F1841EBCCDC87C436E30BE88838436EFE01A", "7FE72ED4C858FD4F010CC95764D03AAC86CD4C73FE6C4B388FE981C9E76DD0F6", "802538304F01065B2827B08F583BE8B36F2EB7C11AE879DD4BF44A7339230B9E", "809E4CF694B5B95B122BBA4091FD01DB408F612E91FB12D54920A9623768E6BA", "80C82D4AEC70825BB02A52244FDB435C327699402A971856A7881146904B916E", "80C91CA022F79ACDEA0423AEF5701D511D848F98F4A10883EBD87E5B940F4449", "80CBA97D4C339564CDD3571C5AAD9B39B1141264FBCE736F56AFF8266EA88A1B", "80CE5AE28CB63EA9C59DCD3341ADFAF9A6896143362A5AFED51EA3A67C5B5A29", "814968E8DA38BD4EDC807F81466A9CB916F361B3980B9334A6F6CBDE0DD07FFC", "818D64FAB138724C60F014197EF2ABD600F61BDB47F446BB8AEED6AE2402076B", "818F5A4A45FD92D9C5BDD51402372648BF3F99486B2F921EA9BF3B1C047DAC84", "81CD97D40B599EE218115B7807E3684EEE7BAACF8D6358073A555F025CD33346", "8215E02FB88590F4B93468E9B3C6A2785DF30F06545A788005F8AA267BB66470", "82D348B7AC274B1F17A78CC906F5DDC3A5C96BD23F4BB13600CC22F46FFF3EFD", "82D72845B48E29F382E3CB32198A7458539BFAEC832BAC6D7B23609003A86C76", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "8343792166570C1EFFDE17C0CE71E2BFA9FAFD2B634FE6633BDB666B9BB31F52", "838A16B0CE06CFADC4E063690DD0FFF6D0DC192AB216FFCF35FC2AB89203341C", "839F371B87C6C1B7E2DCD5C3A8BD19F178D93671B15DBD8A4ECC452EA553DF43", "84136D96DA7036EE5B9C3BE96A193173114E760A0B04831983D99C82317AF481", "843A643E29100FE80A1F85E4177BC532FD3AAA0F456EED8DC57146873CD867A7", "8451DCEAC7362310C8EAA923574AFEAD09CA58D139A870AE0ED1E3D11764573B", "8539DE7456A757926C37A62C64709FF860DF8937A7CC31706F5AC8F487B2536C", "8566BD5ED9DDE4A30397E9B8DB1B50B3904BFF15F087A9F1B8F47F9C8E60E4FA", "8575D8248B9DA38940B8C0CCB82D1E07AFCED1CC97BE2C46A21CC51F08DEC7BC", "858AE0814B0606CAAD401114471EC230976E8E9BB8C23DEF159F31D3F5DBB1CE", "858FB8E97369CD4DDF4CD784282A9BBA036EEA4C10CBA1596C7F829494127C80", "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "8600D4FE1C84EFD70C8C1A94E48F4DDFC42B18B82D5F8C7EE6D12E22048B63B3", "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "880C8CCFEF3637D915CD2A945EAB6F29F1CFADA9041654A93101F51058EC852E", "88434B8A216FA4E9A7EDA68EE4211C8B663C7638A841826D77EA59C924786031", "88AB81EF4773044E57A4B0519932B93A44584B2D567DE41B65A3D966948BD2BB", "88E672EE6743600353CC1FCE9AAD83015BDECEFED48265D3AE93AA4A277798EE", "88F727F191CFFC37044A03CB83B1BC4AD832285EA66FE76EABF1CD38612CA6F6", "8976330D24BA16C6597AF93C67C2A46121ECFA13975E064BAC48376E8563DA89", "899EB53FF6D7EF5FCBB2C9D9531FFAF9D68313191F09BD0D43CD9D8F32F900AB", "89DB701FDA8D57E716DB17DC1D2B06DF3EA63347FFD5556F145651826A5D4927", "89DBD775E165C8C80EAAC4824D0125B2291970233028B235C3C22D4EAF3CE227", "89FB1F6DCB93BD46FCFDD81C133FAF99D78B130334B30CD3B4040684BCED2BBD", "8A062C54043BB0CF7A61252E03FA7EAA12FF8430AE6C1DCE76464220A82D6828", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8A3C4FBF20635DD01A5B58269ABD76FF6451A13FCBB437C76C92D2484A5C9ECA", "8A7CBA2B71D5656EA1045254861664DE723E7E42111C9EB7B46C28B35C734DA5", "8A87036F5C290A7EB193FCCEE8F258BACCA1FC57CC5D8A56759A27F177621DF5", "8B152CDC9A53DF1C3A7E1D3C9E764839F5ED8E125E207AE55304C80E5625D456", "8B2DED0C68ECC00A46CE2034FAB93BA0EEB7F806C221A4FD33002EBA16C90F98", "8B5D67E084AE4982DB3515893C2C62FE1E1A1BE11B1A02560CF7554F9DA413A3", "8B63CFAEEABC51DC97E6B89A9AA28B270B382B437AB0F2E9355DD73EA1589106", "8C13A93038AC136772B2598C633467116BF44538BBB507D836B65485D5AA47D7", "8C189A4A1E730005F1F6728800F9EEB4D76D43743AEC3B91CE47044F6F13EBE4", "8C9587F7869864B7CD3E6A14F5A82A1980553CACD4F24ED3FEEFB284B9586E16", "8D247B2C235E7DDFF404A002426687ED23B6813663D6055A8B3835D362D31FBB", "8D3643997EE0806897E34CF448BD704E8B4F3BBB0DAF35D7C37249981F0224D1", "8DC736DE56FAB6587FE3F3374A135C46A0E7ED405164BCFB17F0C06DF2FA350A", "8DF4CCE6D3B3BD6718CF128480B98B065BFD992080DFAD9ADB995CF2532B7EDF", "8EB2C9E7DB5013AD05B30490E2989C17EE64FBE9B0024B1E76805B1F1B95B816", "8FFB1FB8D45E5C03E45C30E41196BCE576C4E549211454B380BB582B3643A6C9", "915F25F9D4BBEE1CAACAA6F5FD6ACC3E18033BE658B9A06B8B13ACD613C9B6FD", "9196B586E37F97C5C25F9D1D875117C2D9857DDCE95D8820B77DAD6F1C216C6A", "926064F28B2809B4877A8EA78CF19B1BD358570ECBEF53DC9ABC59798101D756", "92765D81072035449BBC85AE8BA3B1253ED518E7D82BB9301CFF2908A95278FA", "92D11E24F34620A6FE2D4691E3050E4E91C0E161FD1B94C9116E157ADB7BACCC", "930FC3DBD61B7E8555AF191AB7E1E95834FBDFDFC85B66000C95954661FFE18D", "93AB36DA337BD0948599C903BE961AACA714BA542798E8A1A52B5604155A59E7", "93B1AA01C91B4226F62B298212655BA798481B690E914639BA211004D1F8231F", "93D77A1B89E1A50F1C0067EF8EBF986A45818BA7243FCA3AE9F58E577BC97021", "93F376A33DAF2CAA98CBF6E0EBE1D85CAFA8457254A8255841887F4BAE5738F6", "94848C16029BFBFBE812A2B6CFCEE6411F037DEBD2A6C55A94A29047D7DE9759", "94B0133D91DD1AAA87A9EB1F82E658000D52DE57AFAFF6E711787FF54BEEB5D7", "95C2166E43A3844158C127A63BEE990F476F0FFC80988625C50E6A864E13875C", "96F1BC33B1A4123DC01F7D62CECDF0FF996C1FCB5D658FC2CD55CF7974D3C4FA", "9765CC2CD4E8CF43C86EE7859F7012EB2A38E6A4A80E55865CD6E4E883D3188A", "97CF77A702900BA77E968389309024695F5A4B413BCB706E68F012C99DB07821", "9872D764206750F6FD9C7F555D6B4C23926B755B4AE368CDD8485546CDEBC462", "98C2299E82C81E1CC3EFB8629E8262393014376C64F3F09018090397A1EA00AE", "98DF90031B7BA31AA32E8B46921FD9F2DC1C82F868B4E85A245FC2D6CE4B1B9C", "98FBC29C8A3721BDF3BD24351FB4EDFE39F3D687293733385EB60C6187F38E27", "996F645DC3B49CC7398E4C90C384D03751E395B6523F4594A6FC7F1B1941A5FA", "99D8A2242C4257860DF42B10CC4BC15D4A28CE7A35CD078B24AE2BABEA92385D", "99E2A8F47F4108C69540D005070137804DC7E040890DE030D99CAAB2C61648E6", "9ACD7329FC1F831F1AB2B7D915AB63D8F111A7045260F93F9D9FAD2B89A76E99", "9B0ACFF452374706F764D4FEC5E66F5BE1222C2B9DE832C586470B864A90F392", "9B35878E3255BD4F0C124BD7857A19827A15A88255A1F34DBFD9084AF055E1A4", "9B3FAF8E25D910B37ECDE9CDDF654F23BFDC8BF7D845184A2769393D46FD9EC9", "9B62CAF06445F7A9F3CB323F735964F6F62E516F86B9B57472BC20182276D3FA", "9C1D1FE90E2F187821C270EFC3B5F3A57AF88428D8DB76F072CD050048739C9F", "9C49B3B910ACAB3C030BC5586AFC34DCFAEE7EC64D7D8447E2AADA6C76053457", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9C9974897D9032CCE40784D8D39546999D4563EDB691A9F8F85E7C125665ACFD", "9CC05BC9AAF90AC9A35EC7A7CEE6806A4960FEA9D45AFD554B0BCC73294A38C3", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "9CF7AFC641D593C078C001F6D73228861A95BD08ECC59A04A92C63E668ABAD78", "9CFE387228EDF2444E256198F05B5F01FFC949159C2A45DBC145447CA2120FC2", "9D369F46B0635D31A8A683338B578CAD380D46F2A6EAA8E945524F1CAD77AC5B", "9D4CE3C1ABE40F94B4BE3EE8C4ACB8067AFF379F67374E38DF455E5F62978BC9", "9D74E16E695D45F37788D786140C9FB31C6F44CCE29B81D1A1A36FDFC8AFFEE7", "9D892AD714895E9B8DA3E59547784D03B32EADD3AC421AB0003E3191C1AE27AD", "9D9F8496AA1AAAE7CF135E4A6F86B7D8F86173A0E558AD93AA10046F0ACAAE6D", "9E3B1F6158EF5703EF54F7C3064A7EB99BF9523B8A6CCF05475346791179C879", "9ED959A552F1F1135D021720BFEF601A33E4FF298A735DCF0648EF0558E731A9", "9F39D71EA137D2859A42F241CC1E77B934EAC1BE55F523B997B27F88F335844B", "9F7403E8AEF30FAFBBEDCAA947D855EF987E8FD49503FA56BAF29681570597A0", "9FFD672388E3FD39EB2F7A51F8EA5C6593FD9BB5CBCF7E347F42124D11DA676C", "A09274BA1A31537EA391724E8C52797113E094AE9E4EAA66FB5A50D995921587", "A0ECE071B650D8F5EC02E601175D0E3683680641E4438CAB1D935DEB21EBDD49", "A40A589B8B7C643E28A9A4004401F03C17A0AC69DEA5C00BDCF2D7C08F573EA9", "A4167E89DAF98623836F64826EDC7413C8B06B29A2E76A886419750438EAEA04", "A41DD61CB741B6A4172AD3E7F0BE5B692C5DC2F9AAF2A501BDAED1C866852504", "A44A90E9B04B7C4B380EB943FF6ACFF64C74315668BA56172EFC9734F78EDAF5", "A49F8E92510CDD96D8127764BC310529CF44A60596DB14352FF329575652A707", "A4FDFC527D8A765D6247DDB806EE98612DA0FE7BCB4E133A742D7FA9A06E39DC", "A53AB047D484B7CEFC288D2B4D810DAC537F3F75E6129B90A28D4BE9DA746C2D", "A5B0585B7A66B6807E189B29D52DBDD603DE69D874D0C35FABDE51DDBD7915CF", "A5EE6903D383C042ADBB5FEF76C2F60C5F1B6BFAAA0ABAB88DC4660244B7AED4", "A75CF978305062012B0B6A4CC62CA7EB1F166F128DE714368CFD89193833D8DE", "A7D9F0241BE2D9397AAE8F1DD88653C257DBC2B8DC7B78A8F90BC6A60F559255", "A7E7A98C18A437DD59F5F1F10B7CE5B2BFBACAE3F6E564B5B4F9B2226C989CA5", "A84A7C9BF929868F8166CB87D5CEFBA3C864431A4299CB147A963BF97FDE753B", "A8AFB71992370CD8AF9340FB766CB133288126FDA64D60A67D3B25CD154F2C52", "A8C4FAE86EAE65D0C1F3A30200BC3B099B396436A3DF948A48B8B78AEF01300E", "A940972EE8C6FDFEAA789156E684C0D5729686CEDFD51FCF6C875BE8FF25FBF6", "A99E3F04B980E14EA168EF35F9FF0CC63287952BC8F944305B9D7E2DE3672C8A", "A9B346426D7E045BF1AFCAA04855729B0A1174B2DAF2F97666408FD0C01D4B12", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "A9CFDC9D4807EDD132C8A5C5CC10D1E0ED146D4064FDA44CF9F4A843B35576CC", "AACF6F6443D6B1F43A3B1EB2158C0974A7E3740F82735809A14DB68D406E34ED", "AAE50909D8058934D5CCB989B4CEA17B72CABD2BC4CF08576581EC909FE087A7", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AB1990CCF9D6A307BC98A44FDCD73837D64D583DA165615A5EAB1AC9A7D0F3F2", "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "AB91AC52CDF597E93AF79DE0C8F08E926367250FBDE0DB3DAF33556D0061634A", "ABE64FFA5410F4D2BA3B07A691F59D16ACB55A9B1B3E2D89003FB7346FAD7881", "ABF8825C48969D423E885B7CCB57BDB86E27F87DD082837A7884ABA77320FDB1", "ACBA42A9F266755DB30CE35DBA1907FB61B1687AAD3415499AF5573BC67595AA", "ACF676405BBB5AE27485D9F48AD72AC6E8FE2D60EE0D4B0D45374459BCE07DA3", "AD5AEF2A5C571C6008D3EFAB58A32CF97C5454F4FD7A2DF5AEB0C657936F1BE2", "AD89222617F895F6A68483970725D63E3E250AD136E5FC669CD376901654FE99", "ADF65B4A474E1421F71559C3F519C310FC36B59F7BDDCDE5839099E428CDBDB6", "AED3A66493C3939E184C67E808AAD3B5C01A31398E8573966247517E35DC5A65", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "AF96F8175B370259C2978FE8A5A5396BADBB52E23A2648B33D100DCDB1A68B2C", "AF9FD56EA5BF3F5BCB57F75A6AE54511504240DA00654FA57F2B5BA41E8F0751", "AFA890CA771EA342DA6E982F14E9D4BBE04969AE8802BF1BC9D079A758C8055E", "AFEEA2FD6DAD8D0A14CDDBFE5B88BAAC96CC7F69AE0C82038055448DFE0E6A90", "B008610A37C6D22744FBFF511A07C43195D3F707766A5E89AB1E4CFCD0DE65C5", "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B0AEB074FFA0854656EFE3CAF612805ED0F2B662B12263D2B3084481427FAB2B", "B180B820F6F3D6EDAC7172E78991F02AFB09886A95FE4CB55E9318F8D116CF4C", "B1C96325B356B6322CE436FE75F350F9005DF2C5631508657564896656251B8B", "B22C029F5DE1AFDA33C7E45788FCA8B344362343E55B19D3803A4CCFD8492525", "B236D3400A0C6106EC62C77931DC3654EEBAB6EEA563B3344ECFF477FD634E81", "B26BA31F7C8E180B2476A6D17348E9C8899E4E6C0D69D13EE7B0DE3A1B8FD9D5", "B2AE7BE38BB1D2FC6DC76887E9BF5080C8D6B44046C99122689E3A914F443661", "B2B68C580CD4171A7F8B6F6C9AFDAF01A0B27307289C6197742BE7B8A33D5D39", "B2B869E92E2C0B24C8D4ECF615EFC9ECCD16AE763051DCDFC50A28156E3A511F", "B2E9977303086EC5343BD24988CF7305556A2728DFC1B6D8581FB2141DD07E6F", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B314C20BF91C600149F279A906C6EBEE84E73ADFE2036985C9D6023680EB2CA8", "B36A668C28C4D760F6B565A18CA1708BA647B0486720FF7FEE833AC59F8D4800", "B38CC41D14408E3A9CA8CDF7A847F854B44445C246B3F7642F746F0F82E60651", "B405B568B68AFEA07B8166064FAA890F3BF9F3CC511F9A01DE32970B8A066315", "B489C9D0FE3752A253C934B48E8955F4EA8C3670CA3913D9B19310DCF54EF784", "B49C4446E6FB71C3C0944852AB81096006AD85BA0DF0C93938657176A22CBD9E", "B4ACC50FB3EFBFCDCC381ED7E344E2F40C781747A414909444C31FECCA264613", "B4C324A6FD8EF22AF23E006EF9A141FD3EBA5B12341EF67665F1428E1D1AA71F", "B55B1A3F2F88EE587B227C0CDC141FBBE6F0C7B08B5901F3C10515B17FC3B88A", "B577D1FC3D629F41024BCF0BE7C105068728300737337BFA3CE48C11EB6A3991", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B6E330D558AEA3A63E5B06D47046243959B8C2B20BA7866AAE3FA6E59F30BEB1", "B7FF1129A02D2738AED73A8C157F3D6D872B530527C875906B3678301D70ECBB", "B80E857F01B07BE9A7EE60BFD8FF52F82A16A63194D34BC2560D982812DC6722", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "B92350DAAF295761666E616275C53B448D53547B60DB7478FE3FCCE518028947", "B93B1ED022809B9A00E51D3D9FF14D51097C6F07EC178C4396907981684D8768", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "B969FE7130BCAD03B5F16694D6DB94079140935ECAAF2DABA8FB7CA6CE7FD40E", "B9A37A9137A6A153E70081729BB78D8014252B973451FD1F85F546C27C63DFCA", "BA0ECBE0DF73AF77D0BC9564AEB2B59377917457D1B75D09F5309EFDB91ECED2", "BA3DDD51DFB033E18FF49D92126084AE511DAC47EEB0E94DF2D74FF080666A8A", "BA641051633E4D947A94268037F8B8865B6EE865868B44CAAC2ACF192C454E89", "BAC0ECD094048AB5764245E3813A4B3FD7B15C38CF78917E44082B74A378C2E8", "BBF5FBFE519F80A6B36C8E6B6ADC28B6EFD07A34E8008B141A42401A9CE1DE28", "BC7F561FAB80D5D0A48021AB45201595C02030C9CECEBEB548DFB50B6376384A", "BD03EE478D44A7C4C899090C9FF328560060F0170A87F64F2E81D7DD96BC3A37", "BD0B415C053FC80669F34B90324081AA9C7BB6D74CC54042D2661B32F9E38691", "BD244D6323B186793AF96234D84BC097585F104DD8186806E8394D4EE6A8D3B7", "BD43DD1867AC2917BC9CDC37222E975203BCC23E7C7CF119168DA166A717B0C9", "BD6AE1C01578D2358D9720998260BF5FCA8B53021F548065995F3783AB704E64", "BD8C0A1C6CF7A152703C30BB58CB250DE8EF6981B86403CF103D9F8401EAC584", "BE40ACF27D8AE17579CFB2450280D344E32F14B5AFCC639EDB71C9D294778D10", "BE6AD58A022BB56A3A5A5D649CAD4A34B2B0B0E01378F7AA0A728B550261D88B", "BE6E8380C13D1103EE23BA2477B40F90E44B32F9B46BF16533F8DB60DB918AA5", "BEA0DEA8581DC561B3E0FB6213C2324D0764CB41F471CBFCCD4404F07F203E7F", "BEC5CE0A39BF468C1CF717499397D0B4CFE3022F0DBE143403F4FBF431616E65", "BF213EBF65AF92778246EF4D81BE5B1C231E52C3E877DD795B29DD878DDC4E68", "BF41D09DF48C86BCBCF88C9739D2BEF30253919BB747AA42D4C2F982E9520049", "BFE9D544106C1541B7344450CDC8AF62BBFF45143A15E7B97523F39086B55E9A", "BFFC97D9B867396253756A09ED28B13F581A2B14A0637B4684951D9BD6071488", "C0E0D2198BF99C1965DFAEC1C11F4784E7D189F41F262015ECEE9E5333D57537", "C0F80B7C16C9B80140D483C0FCD6882278F7435E15D4ED92C57FFA7E310185D5", "C138C333E90DCA6AA63BD629BDB1BDDA88BA738775F97FDCB002A66BEFF89FDD", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C1D9958BFA579EE98300BDC2B103453D56B7C17B363EDA27E5C73DA50175B526", "C1DE62607E696F3135AA44A9ED964385998509307175EDF6F47BDAEC9E4F6C06", "C24D4FCC97FD95E90382A4216040099F16203ABF61AF30281EF1C2E136253A42", "C270008C47088F4AB45570D101436BB116E08F304CC36AF51E0823C68AFCAAE8", "C288772B66D1EE7D2548AB9893315A88EF37DAAA5903A74756970E199AE4A91C", "C2C6C7F101E8DF80A7C41D3B860D83FF7FBDA9849EE7408F7B000742FC3F3077", "C2E1B6F103D16592590804EC21CC266225CDAA4E931E62E62D9FD5256D6D1B8D", "C2E8B6DDE464206AEDDA1C71AA033CD48E5CBB40D6C71D0239B45AA056C35190", "C31D150033FD48D09A309BBEFA4383E996752BB2E541CB9E4A69082ABF2CFD19", "C359E298B12358DC12E6A45A12F75C3BB2B1939DCD44D41BC06D12AB4EFD80F8", "C3BB49B3C8FE94F0C2662ED25678D79EEFC058304091D3E0BAA71319AC666FB3", "C3FB79ADA39B46791DCF93E4A2B6E50FE2792D0E382EF08036106CE4972770C2", "C419E4AE704DBAFD5EFD078AE673E051D209740CCE61A07F500573B347A7F595", "C57F30E6E03342E3FD025BF48AF7CBD1C692306C4F28B21C315740C154CDA1B1", "C5DFD6DDF0D044C736F3F1427CBB14FC5CF33A1F5084FA65609536B85A5FB9AF", "C5F0A3013333B48D4C08CB3D13549994F17CDBB3EA06E50A46D8068D5A06FCAC", "C60312DD4456859B78E832888299E71CCC39B8E89A87B06FA2CC4E4C62CD4C67", "C62E2592B0FCAE9D52C20B9C7B33E6431777A77035FEB591505DA1F783B680C2", "C651E37BF4B96F4EB07264F5CD8AF5358C07A1B2AF852ACFC9AC82E9E6722BEB", "C6C30575B8111B1F0235943AFBFB3EFC95AC6BC7ED4517C4C9F4D899336D20C9", "C6D76168198B9EF24D77F1D04BA06E30D33B0C7D71C8457114E69E1A43BB68AD", "C7752951E8085C186BF5D89E852FCD41F36C211BD9364B8CA87F6E4FF8AFF924", "C7AD01ED8396F848695B894C5031106AF62D73B726EC65BEE5BFFADBBB267B14", "C7AE65EB0D706F20B5B2D3D4E72252697ECA6AA7917A58A2DD40B4293B199DC0", "C7CBDBED0F63DA6EE5124570703632B6C2AAA8D5D0DF99F9E70413BFC17257F5", "C810968492FABE70B0CBF249C3674187F1C428AC5C884D1DBAAB3F0B6A3A7FC9", "C83F675C530B12620988F0C65F58B32931125E0012C4B7C771823623ECB73255", "C9594147E388237928595F1CF759F8EC355015BE6AC29A030A2FA3207D9B6DE4", "C976F3FB2440651533AB7414A4F76FC3C66CAF49895BE704575E993E6B5F6D48", "C99D1694993A63B13B3DCDE59C9A05AD82DBBD904140AE1DFD691BB96CB5D0D2", "C9A06C4BC1ACE55A17C7DD2D9DD98AA6FDEE59C9586CAFC2375754D88139C6F2", "C9A0F83DA43F98BB8749F1E06867002E1C69DB325BE1EE6ED8D3F245105C2D03", "CA022F6C74AB029507A536E48E400E3EBCD80F6563DFCB94ADFC3887F1C436C3", "CB24DC19BF83B822003CABDD77CA54AAE9629C8F8261C7B16048FFD862AA120B", "CB650C098E7F975732842DF3BA263EE87E1FC1874100FCC105AB0C9D8AA03627", "CBAE0492C38AA01FC003E13DF32DD0C20AADD9BC2874AEBB77AEE27AB42027B1", "CC1827A64689B74570896388F9C886597BB1BF215F1D08F69BBBFD770F5275A3", "CC1A30E8E2330D238749CFFBD49D7E9838BBE1BEFE625CE5C43D437242EE4573", "CC714D6CB93526CA67C3B1AF953783F7648CF4A4936616886992C0290C5D5B18", "CD43CD526A0719BBAB179EE22DAA2D078CA3A822CE986AA28BE62C2D1F89F650", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "CEA8562241BE5A645E85774FF42FC74D03D022DC3900B1FAA02C44BE43266A35", "CEB12B4664C1D9045CE6A2D526284519816A08ABA9E1E6F54060B27C0BB3429D", "CF2BF653951F57AA7BCC09D12353C414FBEE64EB71182AEEB1BD9B590AD53FF1", "CF8080897BA997E374072C563D7B6C6088F56DDA07F407BD98DF25411FE5E09C", "D0436708E17AE06481C5D812D4085089BCF7263B197EC4C10E8312B7221AB351", "D05CCE78047F8DFA45B21DFE0E7EB2FF33240CC3C29D657E0AFDDBDB1AD579FB", "D06CD755DD4308E07BA22E8E6BEB92F9E30EE716DE6494CE9CFFE8486337E1E3", "D0917105241B3AF403EBCBDA7A2973304A787219E1BA33B2EC05560FF0A404EE", "D12D4BA37401CEB11895561D471A9AE3CA7EAB842BCDE04258D6F9B744444396", "D209AAB4C0E35A5C114E62A6D853762DB0AA9080D963F0EECA922C5D3ED15307", "D24802352877517E1A734910AA5B470C280E95428999292362B5DB5785262ED7", "D2A77E25120EBB96CE3420A715254715ACBDBA7443A8362379DA5420DBB7AF32", "D2A8B7FD0D3A20180EBF8484490243C0DC038E552B987004A03D622D69BBA611", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D3418B2E96E89CF57CA80D7EF71EB4B4A624C51867F542D04AC6C83CF95EA96D", "D3BED0E83235D9426D986A11755E3B30E87187B154AD1097AE25C384A5EC66B8", "D440AB0DC8D9679FF2760722F07B74524E47DD8175CD280720BB282C7015F027", "D453C632FF9EC3087898B06E3DFD86A6FE0EFBF4D9E74F1A54E4DB3CBADA0D49", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "D4D42F15E592E98F112EFA53B5158D86EA79E4A7294251AB7991615DF7CA6494", "D5006110BB901C8B28332845E7232D26FD36B1609362E9BF8C8B8705EFBF33D5", "D571B2DBB08EABEC00D0833E394CC892F85B3962720970359E847737F4F13DC0", "D5AA5A836C6CC887766560D5C0DEA7A00ECE08E7210420C4B9BBFF45EA1FF9F6", "D5BF1FE525B01682447EFD55160A8195EF7FA38F1D1981C6E87D234FF816F726", "D5D68C274689503F08DAB338007FECB9B03D6956ECF160CECB37263C1DB02BAC", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D60E46330596DCE2059EC92EC698759ACCB875541CC622F435EF733178728B73", "D70C0CFD2132EBB5AAF3CF53E301E73B5E5845FB7B0FC143B5DBE6CBAF3A884B", "D7448193BEC97EC6B90CB3869926C86749C2FB9859BC66CA55A2B2E7B21D692F", "D81266EEF9A30224B03C1D4084FE2FB22F1A32AE3AEF1D43DC3CA53C8F5BCAA6", "D87699740B30BB25DEC2F8B16CA15FBC5C6247D272AD4BA218F8A206B588A8C2", "D97523F351811F117C3809A675614FA0AA4991E5EDCB8B79553402FA3DF8666B", "D9B33FAA9F87D18625F5A08EF5634D73168FBB4A49FD551EFF5B173DEC473E84", "D9BE0065398666E1D67CCC53BE7B141B9D057940F7F6EFEC200D45AA41B346EE", "D9F3546932BD432766323A6E9A562D656E3EAC77AAB6EE3AAADFF6008E59BC30", "DAB6CB181424781D3CAEADDD031227EAB5B67EECC36B24ACF558ADBC524F2D57", "DB1D092F7A9003CE3422469DC672EF5AA2F47316275AF699D295717C3F15DF23", "DB866DC8DC23646847AE5E9E25C02B2DF2A195A414B2734DCAA102E637957BAF", "DB88427B9B30E7BC27929575B10F1309F406508317076AB2CB83FCDD79124D3A", "DBB6DD9C02ADCE6AA69827D5B0F8FCDDFFC9615FEA11F0FCE68280F208BDA84F", "DBC08F11E8C546F68BF3DB9830663489611F4366FD7EB52BF39808F516F3BEA2", "DBD29332B6E297F25422EB8C28791AE3DD704B7B9FDB714ACE7016CEEC63D122", "DBE2C597A340BB7900131FBD56B9725ABD555479F4A26F00BC0341CBA4E926B2", "DBF3688DBA798444F3C298FA2AC7CFA893F49EE4F4F4469F192EA874C9A777D6", "DC6CFA97AFC11ECA8AC903B07B25377D9849F6E270CE2A8494F78E7B651A0389", "DD276150642C7A4919049E6AEBEA80520991077A02AE872E9765C43C235BE583", "DD6B46FA2DDAAE6080D5C927EEA372B16800D8CB903BB5366DA05ECEEBE80546", "DD6D1ADB4E0823703EC8B875E430BC4DA6EC03FE4D9BEBF09A0A0BA75C5488A1", "DDAC6B14B8934B2E6C225A197BD36CA0AC38FD8684F572F5702537FFE8240DAB", "DDAE44367545E909F1C5E82BA6B48DEA1D51F717CEAE6CED7805AFEA883D85F1", "DDBD4BDAEE1412B8C8199BA8BCDE15F2A42D1C2982D2BFF3B062BFCD642CDD23", "DE915924CF7F2670B1FFCDF6498DBB124F4087216A8B4D38EBCEE133912CE5E2", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DEC8B1857975B965D873A8BB6F56B19058C4EFA0C242EB808E499279F11EE7B2", "DF03CD856A57D7360B711A6E6395B099DEE028A64AE6341A99493DBAF1274A4B", "DF7E743258EECE8D977DB6645A6CF8DFDE1F2111B2363A0A163830CA509AD664", "DF9845B5CD848617208B0EC5B8F93FC202AF4F0BAB591A495B64E0E893A28258", "E03A484CF469BD6B2DAECCB473A7503A0790E5B2AA59D4D44D65E89DF09A125C", "E07E9939487B5F63C0252300712F7211E6C0B89676F9E5D5E2613D17BD23D356", "E0C9BAECEFA76A39F668375CCE1FEF586F0BFB09CFFC885A638463548385207C", "E12AC4164A95297C0432973D30F603FA386B4210C32C90DA21EC4D23B1C17983", "E1347202BCC47D3F31895563DF1F7842BEC89FA802656E5A1AA1C6417187343D", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E30E73EC52C28C43A6E751E1BE29D05BB6EAB02BC422665D82F3C431254532A5", "E3BD856982B27C3FE93EC13A76D5806B5BB18B95DD328F70706B73BE68D790ED", "E47CC3D807E088442F7028350C85D08162FCCBC6A1643D768407619ABA4B9399", "E4E6D09992473E915A5B9D428C1AD32743DE91E85736331CA3E338064E329F6C", "E4F1412A1D8DE30CCD83601270D8D277174BD0457FA6404CF24F6B9AEC25B0D9", "E600E0C30FA57438BAA328F6729F104613C088264EDBAF41A037C964282DC8A6", "E6153C35BD44471C95F1EFEED9B29C46E12A43C017CCADB1D87BD84154E4A620", "E6339192F4D5A34C5450757F6F89CD12C85BA22B7375FD57D5B1C48F67C117CC", "E67441CCF9840E74E9AC61C45895075B9F65BB9C0A44EFD9BE418AA4A069F2CD", "E6A3CDDEC0E8C0243CCF6E3AE7AAC01B3BFAB2E4DCD3167478C7DABA96539284", "E709674FBABF3ACF153296465B387FAF06F18F887BD2A7754503B905294A1BED", "E73B069C22847DCB042A534F76F473BEF350E9CFB3DC356BB864C5308AA99F79", "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "E7C680A93C62F0B55F2401C00071445427D43012DF7D06E7DC5A5AB3EC669708", "E8502415402D8DEE3757A91FDF5FC83A369265B0F5E2AE2A7246A3FC800EEE8B", "E86DCEB6651B95237476E23B70130D8F4337ADC2F5373EFE882B96F303FF60B5", "E8A312ECF86D6A1C6D9722B8D51FDE987A400AF0C6568E0E843C6327878D3511", "E8CC192D6E15BEBE986983A316004294627ED7683B92C8AA39E3B1075CDDF8ED", "E8D1954E7F4E50A7F1CC861CDAF69D1A363FA2EE425AF143C971F230E8015C10", "E919E9A36C657D0228D3DA8A63FA716B3583174E73FC9F478D6A0F12BD9E2448", "E94DE2A00A2C1D8282756AE6867DE9CFD231A5D1A7411CA8146CFF2E3FD9CE7D", "E968D5EDF80FD5A67D3FB4F777F2CF43CB076659D0CBC8ED4BEF3BDE224F50B9", "E9A3E2EA3AE2ADD4620D37196036A6030F0C51283082B6F6903A10C2A73E5C49", "EA4BC9A6E1BC28B39AE0C360DA599139777EC05EDFDC5120E91AC3051300D3E7", "EB20B672B0F8880C0E9D8D5292F68305326883CCEA193494DABCBD14BB06A184", "EB35F3903665B093DC82F63C06B8B4D6AE8341755EB9D3F206A460F8FB5E31E3", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EB67E51171F7C34A22B244E03166CB1F7D74162E476DCFA216B46A44310996E5", "EC3E23A99CFAAD88B2FA49B712651D754EE84446F6DFEB6CC3571A65A744E234", "EC4680A726FB50E4B12980B4ADD271AC01D733FEC93E24F9E55438A2237587BA", "EC68A07B2C3DAE1C815890F259C28E42A77D5A3444423C6A6324A3D881B16265", "EC7DD37D5F4B9A5D139BAD89ACB67C9048FD7B2CAF35F5F63861CE6E55EADBAB", "ECA621AE304FA51F0974015E6EF41E09AB13E9BEAC095E789433056EC149AAE0", "ECF06138F829B325BA5C57FAF5FB916F90E229CE209E8C4E69FC4ABB87903647", "ED1637B2624D26362BDB52FFE4446CD922E21738E4C506EA23FFF9A92362A011", "ED421E5B06D77F465CCEA96D8345D19C2837ECC2D4297803042D83E3B60C624B", "ED60AC8DA8519FF62B67D9A42CACC711F4D100223E77E6CCFEC7F0D7ADF7426D", "EDB34CD93CDAF5921CF795AC72A6405C79962D06DE79535AF74133F2884DA4EB", "EE2718514028559E6F27A557F3B2FF99E3B2AC3C33754AA2CB57AD5E245C7955", "EE7CE47E45F000B20D959427D19E89321C1C0E7DA85CD2ADF5A37945584874DC", "EEADFCE7376B4C7BBDF65350A68C47467DA49B51FA466510F8BDC19E5C9B12CD", "EF1E86E8C1821B2FE6F241A7F8B0060DAE69EB57B79276256A296E2116C4F120", "EF278B879FABFCD33CBFA7E5716BF90FFC824ED248C2C027AE2395CB22D1629A", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "EF5A55D8CCABA9019F6306256CB26946DC810DE7EBB1EA5F4D90251B35752411", "EF61076F398E7E703A00D1503205A1E6D7D23FD6F5942CC3C0F34D08EE3C113F", "EF8F0A9CABE55A98975A5E586449578AFBE0581CC3BBC4848706891FDC02ED1D", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F0E62F1700EDD02BA2F3839DDD88EA046C8C342A2FAE608A27D02F8C7F20EE45", "F17B6C2B5A2F6F8DB082C4DED5ED8DAC4B50BE915018F125A71736609CD387CB", "F1FCAD9702724B4983D6B5417FBF364CD19F0F19F7D722D5D70F3F75EFCA5438", "F22F8C611651BB5F2E58AC10F1F1DBEBF4869D3A824C40D9FE14FEE332E57295", "F2A538AF2ED1CAABCF5F0891DB02363ECADA659FE7F2989D3CCD7668E4585622", "F3758093EA44146C6BB9180D4A89ECCFA58C42ADF8707A861E087BF54975924C", "F3CCE399EBF8E0219B3D30EEF7F522C3290C31BEBAFE8248755CFA8EE7793280", "F3D0670515A02D7CDDE09BF21416666DF78E27F0D06E2A9072A83D9BCBAABEBC", "F4A34005E745D62ED5BBDB831E5D767C24B118051EFDE3423ADF017A2626FD14", "F4BDACE4C2BD969BE014F58FD96BAC012DCB9FD40640A048ED223245FEA36AB5", "F549A2FEAC9B8235BEDEAB1D1110EF3A8710606A890D4EE5C62A7F21A7169A12", "F5BAF336C0FFA1A9715652B899383A9C6D730D8ADE9E07CAD68C90971C7F8249", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "F60FB6B417861EFCE2067F8F14DE0B1CA58EA7D370406ECFBA09B863C8963687", "F631FBF3345C07F81D82B960695E1646F617E669785B8F63DB760D886F1B2C12", "F6AFA8ACEF585CD43E06DE7164EBB8240A1255197762E88CB2BA50823C840FA9", "F6F81EC2A93E77E4D599C827E29E48EFC512C7EB406ED8ADA47D239D81A82F3B", "F7297DEE78789012F7802C00A7D437B06424929237D39542808A1D9905687922", "F7862E3AFF4165C1E96904B0CC478B568FD7C29638F30D7255C5D201546C0450", "F8A3D4A9CDB2E69EDABA736EFD7D24F77520D958AFA106D11E5EF76D4D31E151", "F90FD904FE2AD66DEF4FDDFD5D99DDE1F5E9A79893EE2F3ADB1619E2F648B6FC", "F967014534DCCC8F81A119D3F6C4F892D3391900CC61B075AAC35C3073D741FA", "F96732014CC74E0CD212E2641AC086C0DBA609B9E2E61E3DC4259C4E401BE0FA", "F988C4692D2E552B4E225648097C2785A4DF9A107750563427C783A0CDEE0C5B", "F9A935F07F0C2592550406829A333AA17FFA9DE5B312BF55A008E03FEAC4C43E", "F9C3BC218F02B41A1EE998B0C9BACBCBA2A26044AA17D86E90806B1B4853903B", "F9CD4ED7EAE495E6A1286F1C515E4B4F59C16F49BE7B4FA7E188219A3727D224", "FA37EFD6BCDF8414B1B01DD06C96E0D1E771E69F214D77948CB831C765C409D8", "FAA2B691DD1E76E786CADE53CD8A2391FDC6BE6F5B14624181F6008CE76C4E36", "FB0E745575ABD33F44D9E76B74AC2CFBE84B2A1963AEE86E3AB5E79959011318", "FB22228C0335EC32E22ECE7501256187C9DBD5B51755785F2596C8392A43AA22", "FB3709EBFC8A5FAB2E4236B7D00B54901E29184F499A4CDC2801BEC9E4905342", "FB60760FFBC4C1641885367A133FC454DC2E0574DCD44CF7D9CE310281E34594", "FB725790185B6C1D6E94DE5593F9324A99EFC707F2DA722AC7D3588D3D90484E", "FBF8D5380A8667F5D239F868F077DAD8E14459BF18DCA6E0C2C65E35815C9F4A", "FBFEA5EF43BC9C309ACAF565179869AA0039FDAA3ACC80FA73069A002E54D0EB", "FC2A12A3D5CDFFAEF50A77215E69039CD0E678811823B3B21F6B390DAB68C2C0", "FC4C804F44282D78247FA90BC4C8C855819430A02725094AC97DBD89D0227589", "FC8C17DD115E571F97B5F3885C8242567934FD310C97F79C46B626881E94E7C9", "FCCC0F3B66FBDAD0D2E95FD368A9EC23B1CACB02F277AF6EB3B63115AB8DEECF", "FCEEB61FFF0AA043526B3AD29A5AA38A5A5E8F0EBFEBFB7196BA2301B080971B", "FD341E9565DA038E3D3F3270185E1B7137BFC83217539B927AD2DB28B1679270", "FE0CD9D782041746DBFBA9DFD5A169C98E21DF40D5DB566AD15D9898EFE9D6E4", "FE20A5D1F4849E14D48069BAF660E8CC8F27B6E1A52250832431EA5A43960BAB", "FE3BD282967A6B7E515961E80162D820AFB7A6484790830E840CF40337EF3235", "FE677F8124D30F9DA6CDDAFFC556D7B803853FD5CF922714F2CB4FEE4E8AB3CC", "FE67874D43BC98A053A0BF58006D9985B49884BE885879B16D23006930E8AE3F", "FE7B997F67C37DFC6E3439F0BA52314A66B42B21A8011BE962695F0F97CCBF03", "FEE75B41D176D343E68FBF3A86316A1A946E745F12AE67CB789F7746D1826A8E", "FF8A5C202A165C6A86DAF62B5BC19ADD9FB787B84C46A73C2E35849265921673", "FFF1402575E7BE1F32E231DF470BEDA94544D3C346FFE024F98E6A628264A23E"]}, {"type": "ics", "idList": ["ICSA-14-198-03G", "ICSA-15-064-01A", "ICSA-17-094-04", "ICSA-17-180-01", "ICSA-17-180-01A", "ICSA-17-262-01", "ICSA-18-144-01", "ICSA-21-054-03", "ICSA-21-075-02", "ICSA-22-160-01", "ICSMA-18-058-02", "ICSMA-20-184-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:461A7AC5896687E62024A8D8E5A3749D", "IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7", "IMPERVABLOG:5E50E2263AEAFE98B90E01B16AA73334", "IMPERVABLOG:697E34BE77BECD65BF763ECF92DD1B9F", "IMPERVABLOG:6BF557CA0830C9058E2409E8C914366C", "IMPERVABLOG:9AF395FCAE299375F787DBC7B797E713", "IMPERVABLOG:C40BB28F51D206C8BB23721D1ECED353", "IMPERVABLOG:DA39045C8E700086C560AAFFDBA589A6"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00039", "INTEL:INTEL-SA-00067", "INTEL:INTEL-SA-00075", "INTEL:INTEL-SA-00082"]}, {"type": "intothesymmetry", "idList": ["INTOTHESYMMETRY:BE4DFA5E9902B1180494294571F4FA61"]}, {"type": "jvn", "idList": ["JVN:03188560", "JVN:07710476", "JVN:12352818", "JVN:45093481", "JVN:61247051", "JVN:89379547"]}, {"type": "kaspersky", "idList": ["KLA10266", "KLA10359", "KLA10382", "KLA10447", "KLA10452", "KLA10460", "KLA10479", "KLA10483", "KLA10570", "KLA10630", "KLA10765", "KLA10798", "KLA10822", "KLA10847", "KLA10888", "KLA11074", "KLA11076"]}, {"type": "kitploit", "idList": ["KITPLOIT:1841841790447853746", "KITPLOIT:2304674796555328667", "KITPLOIT:2973941148692546578", "KITPLOIT:4611207874033525364", "KITPLOIT:5052987141331551837", "KITPLOIT:5230099254245458698", "KITPLOIT:5420210148456420402", "KITPLOIT:6372579284509577146", "KITPLOIT:7013881512724945934", "KITPLOIT:7323577050718865961", "KITPLOIT:7553690576096019209", "KITPLOIT:7835941952769002973", "KITPLOIT:8024306166267359540", "KITPLOIT:8672599587089685905", "KITPLOIT:9079806502812490909"]}, {"type": "krebs", "idList": ["KREBS:EE70929DE902D9B233E209B73C1AD4A0"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-NOSID", "LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500043-NOSID", "LENOVO:PS500093-APACHE-STRUTS-OPEN-SOURCE-FRAMEWORK-REMOTE-CODE-EXECUTION-NOSID", "LENOVO:PS500093-NOSID", "LENOVO:PS500104-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2014-0085", "MGASA-2014-0255", "MGASA-2014-0416", "MGASA-2014-0489", "MGASA-2014-0490", "MGASA-2014-0507", "MGASA-2015-0022", "MGASA-2015-0037", "MGASA-2015-0096", "MGASA-2015-0111", "MGASA-2015-0140", "MGASA-2015-0246", "MGASA-2015-0296", "MGASA-2015-0466", "MGASA-2015-0487", "MGASA-2016-0012", "MGASA-2016-0027", "MGASA-2016-0056", "MGASA-2016-0099", "MGASA-2016-0105", "MGASA-2016-0114", "MGASA-2016-0169", "MGASA-2016-0244", "MGASA-2016-0260", "MGASA-2016-0262", "MGASA-2016-0312", "MGASA-2016-0317", "MGASA-2016-0338", "MGASA-2016-0408", "MGASA-2017-0041", "MGASA-2017-0042", "MGASA-2017-0117", "MGASA-2017-0146", "MGASA-2017-0233", "MGASA-2017-0250", "MGASA-2017-0289", "MGASA-2017-0311", "MGASA-2017-0332", "MGASA-2017-0333", "MGASA-2017-0390", "MGASA-2017-0453"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:4993027161793E66024E0B42522BB53D"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-GATHER-SSLLABS_SCAN-", "MSF:AUXILIARY-SCANNER-HTTP-INTEL_AMT_DIGEST_BYPASS-", "MSF:AUXILIARY-SCANNER-HTTP-WORDPRESS_GHOST_SCANNER-", "MSF:AUXILIARY-SCANNER-SSL-OPENSSL_CCS-", "MSF:EXPLOIT-LINUX-SMTP-EXIM_GETHOSTBYNAME_BOF-"]}, {"type": "mozilla", "idList": ["MFSA2016-35", "MFSA2016-36", "MFSA2016-61"]}, {"type": "myhack58", "idList": ["MYHACK58:62201672113", "MYHACK58:62201784024", "MYHACK58:62201784026", "MYHACK58:62201784086", "MYHACK58:62201784379", "MYHACK58:62201785941", "MYHACK58:62201786348", "MYHACK58:62201786819", "MYHACK58:62201787046", "MYHACK58:62201890758", "MYHACK58:62201891264", "MYHACK58:62201892036", "MYHACK58:62201993410"]}, {"type": "nessus", "idList": ["700055.PRM", "700057.PASL", "700071.PRM", "700079.PRM", "700080.PRM", "700081.PRM", "700082.PRM", "700083.PRM", "700084.PRM", "700085.PRM", "700165.PRM", "700185.PRM", "700186.PRM", "700187.PRM", "700510.PRM", "700511.PRM", "700649.PRM", "700670.PASL", "700700.PASL", "801619.PRM", "801937.PRM", "802000.PRM", "802023.PRM", "8253.PRM", "8386.PRM", "8394.PRM", "8552.PRM", "8562.PRM", "8617.PRM", "8661.PRM", "8662.PRM", "8677.PRM", "8790.PRM", "8791.PRM", "8801.PRM", "8830.PASL", "8979.PRM", "8981.PRM", "8982.PRM", "9080.PRM", "9081.PRM", "9207.PRM", "9259.PRM", "9324.PRM", "9327.PRM", "9331.PRM", "9336.PRM", "9383.PRM", "9389.PRM", "9390.PRM", "9460.PRM", "9464.PRM", "9486.PRM", "9625.PRM", "9626.PRM", "9627.PRM", "9628.PRM", "9800.PRM", "9904.PRM", "9905.PRM", "9933.PRM", "9934.PRM", "9941.PRM", "ACTIVEMQ_5_13_0.NASL", "ACTIVEMQ_5_15_5.NASL", "AIX_IV69768.NASL", "AIX_IV73316.NASL", "AIX_IV73319.NASL", "AIX_IV73324.NASL", "AIX_IV73416.NASL", "AIX_IV73417.NASL", "AIX_IV73418.NASL", "AIX_IV73419.NASL", "AIX_IV73973.NASL", "AIX_IV73974.NASL", "AIX_IV73975.NASL", "AIX_IV73976.NASL", "AIX_JAVA_FEB2015_ADVISORY.NASL", "AIX_JAVA_JAN2017_ADVISORY.NASL", "AIX_JAVA_JULY2017_ADVISORY.NASL", "AIX_JAVA_OCT2014_ADVISORY.NASL", "AIX_OPENSSL_ADVISORY11.NASL", "AIX_OPENSSL_ADVISORY12.NASL", "AIX_OPENSSL_ADVISORY13.NASL", "AIX_OPENSSL_ADVISORY14.NASL", "AIX_OPENSSL_ADVISORY15.NASL", "AIX_OPENSSL_ADVISORY17.NASL", "AIX_OPENSSL_ADVISORY20.NASL", "AIX_OPENSSL_ADVISORY21.NASL", "AIX_OPENSSL_ADVISORY23.NASL", "AIX_OPENSSL_ADVISORY9.NASL", "AL2_ALAS-2018-1004.NASL", "AL2_ALAS-2018-1078.NASL", "ALA_ALAS-2014-292.NASL", "ALA_ALAS-2014-293.NASL", "ALA_ALAS-2014-349.NASL", "ALA_ALAS-2014-350.NASL", "ALA_ALAS-2014-351.NASL", "ALA_ALAS-2014-426.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2015-469.NASL", "ALA_ALAS-2015-471.NASL", "ALA_ALAS-2015-472.NASL", "ALA_ALAS-2015-473.NASL", "ALA_ALAS-2015-480.NASL", "ALA_ALAS-2015-493.NASL", "ALA_ALAS-2015-494.NASL", "ALA_ALAS-2015-498.NASL", "ALA_ALAS-2015-550.NASL", "ALA_ALAS-2015-595.NASL", "ALA_ALAS-2015-614.NASL", "ALA_ALAS-2015-618.NASL", "ALA_ALAS-2016-661.NASL", "ALA_ALAS-2016-667.NASL", "ALA_ALAS-2016-682.NASL", "ALA_ALAS-2016-695.NASL", "ALA_ALAS-2016-702.NASL", "ALA_ALAS-2016-722.NASL", "ALA_ALAS-2016-725.NASL", "ALA_ALAS-2016-728.NASL", "ALA_ALAS-2016-731.NASL", "ALA_ALAS-2016-736.NASL", "ALA_ALAS-2016-749.NASL", "ALA_ALAS-2016-755.NASL", "ALA_ALAS-2016-774.NASL", "ALA_ALAS-2017-791.NASL", "ALA_ALAS-2017-797.NASL", "ALA_ALAS-2017-803.NASL", "ALA_ALAS-2017-821.NASL", "ALA_ALAS-2017-822.NASL", "ALA_ALAS-2017-860.NASL", "ALA_ALAS-2017-869.NASL", "ALA_ALAS-2017-887.NASL", "ALA_ALAS-2017-888.NASL", "ALA_ALAS-2017-936.NASL", "ALA_ALAS-2018-1016.NASL", "APACHE_2_2_32.NASL", "APACHE_2_4_25.NASL", "APACHE_TRAFFIC_SERVER_511.NASL", "APPLETV_7_0_1.NASL", "APPLETV_9_2.NASL", "APPLE_IOS_81_CHECK.NBIN", "APPLE_IOS_90_CHECK.NBIN", "APPLE_IOS_93_CHECK.NBIN", "ARISTA_EOS_SA0018.NASL", "ARISTA_EOS_SA0020.NASL", "ARISTA_EOS_SA0024.NASL", "ARISTA_EOS_SA0024_4_17.NASL", "ASTERISK_AST_2014_011.NASL", "BLUECOAT_PROXY_AV_3_5_4_1.NASL", "BLUECOAT_PROXY_SG_4_X_OPENSSL.NASL", "BLUECOAT_PROXY_SG_6_2_15_6.NASL", "BLUECOAT_PROXY_SG_6_4_6_4.NASL", "BLUECOAT_PROXY_SG_6_5_4_4.NASL", "BLUECOAT_PROXY_SG_6_5_7_5.NASL", "BLUECOAT_PROXY_SG_6_5_9_8.NASL", "CENTOS_RHSA-2014-0624.NASL", "CENTOS_RHSA-2014-0625.NASL", "CENTOS_RHSA-2014-0626.NASL", "CENTOS_RHSA-2014-1652.NASL", "CENTOS_RHSA-2014-1653.NASL", "CENTOS_RHSA-2014-1948.NASL", "CENTOS_RHSA-2015-0066.NASL", "CENTOS_RHSA-2015-0067.NASL", "CENTOS_RHSA-2015-0068.NASL", "CENTOS_RHSA-2015-0069.NASL", "CENTOS_RHSA-2015-0085.NASL", "CENTOS_RHSA-2015-0090.NASL", "CENTOS_RHSA-2015-0092.NASL", "CENTOS_RHSA-2015-0715.NASL", "CENTOS_RHSA-2015-0716.NASL", "CENTOS_RHSA-2015-1115.NASL", "CENTOS_RHSA-2015-1197.NASL", "CENTOS_RHSA-2015-1330.NASL", "CENTOS_RHSA-2015-1695.NASL", "CENTOS_RHSA-2015-2521.NASL", "CENTOS_RHSA-2015-2522.NASL", "CENTOS_RHSA-2015-2616.NASL", "CENTOS_RHSA-2015-2617.NASL", "CENTOS_RHSA-2015-2671.NASL", "CENTOS_RHSA-2016-0301.NASL", "CENTOS_RHSA-2016-0302.NASL", "CENTOS_RHSA-2016-0370.NASL", "CENTOS_RHSA-2016-0371.NASL", "CENTOS_RHSA-2016-0372.NASL", "CENTOS_RHSA-2016-0591.NASL", "CENTOS_RHSA-2016-0684.NASL", "CENTOS_RHSA-2016-0685.NASL", "CENTOS_RHSA-2016-0722.NASL", "CENTOS_RHSA-2016-0996.NASL", "CENTOS_RHSA-2016-1137.NASL", "CENTOS_RHSA-2016-1421.NASL", "CENTOS_RHSA-2016-1422.NASL", "CENTOS_RHSA-2016-1538.NASL", "CENTOS_RHSA-2016-1609.NASL", "CENTOS_RHSA-2016-1613.NASL", "CENTOS_RHSA-2016-1940.NASL", "CENTOS_RHSA-2016-2045.NASL", "CENTOS_RHSA-2016-2046.NASL", "CENTOS_RHSA-2016-2599.NASL", "CENTOS_RHSA-2016-2779.NASL", "CENTOS_RHSA-2017-0180.NASL", "CENTOS_RHSA-2017-0269.NASL", "CENTOS_RHSA-2017-0286.NASL", "CENTOS_RHSA-2017-1789.NASL", "CENTOS_RHSA-2017-2192.NASL", "CENTOS_RHSA-2017-2424.NASL", "CENTOS_RHSA-2017-2486.NASL", "CENTOS_RHSA-2017-3080.NASL", "CENTOS_RHSA-2017-3081.NASL", "CENTOS_RHSA-2017-3392.NASL", "CENTOS_RHSA-2018-2123.NASL", "CENTOS_RHSA-2018-2439.NASL", "CERBERUS_FTP_7_0_0_3.NASL", "CHECK_POINT_GAIA_SK103683.NASL", "CHECK_POINT_GAIA_SK104443.NASL", "CHECK_POINT_GAIA_SK106499.NASL", "CISCO-CSCUP22544-ACE.NASL", "CISCO-SA-20140605-OPENSSL-IOS.NASL", "CISCO-SA-20140605-OPENSSL-IOSXE.NASL", "CISCO-SA-20140605-OPENSSL-IOSXR.NASL", "CISCO-SA-20140605-OPENSSL-NXOS.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-CUCM.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "CISCO-SA-20150128-ACE.NASL", "CISCO-SA-20150128-GHOST-IOSXE_MULTI.NASL", "CISCO-SA-20150128-GHOST-IOSXE_NOVA.NASL", "CISCO-SA-20150128-GHOST-IOSXR_NCS6K.NASL", "CISCO-SA-20150128-GHOST-NXOS.NASL", "CISCO-SA-20150310-SSL-NXOS.NASL", "CISCO-SA-20150320-OPENSSL-IOS.NASL", "CISCO-SA-20150320-OPENSSL-IOSXE.NASL", "CISCO_ACE_A5_3_3.NASL", "CISCO_ANYCONNECT_3_1_5170.NASL", "CISCO_ANYCONNECT_3_1_5187.NASL", "CISCO_ANYCONNECT_3_1_7021.NASL", "CISCO_ANYCONNECT_CSCUX41420.NASL", "CISCO_ASA_CSCUP22532.NASL", "CISCO_CUCM_CSCUS66650-GHOST.NASL", "CISCO_CUPS_CSCUS69785.NASL", "CISCO_JABBER_CLIENT_CSCUP23913.NASL", "CISCO_TELEPRESENCE_CONDUCTOR_CSCUS69523.NASL", "CISCO_TELEPRESENCE_MCU_CSCUP23994.NASL", "CISCO_TELEPRESENCE_SUPERVISOR_8050_MSE_CSCUP22635.NASL", "CISCO_TELEPRESENCE_VCS_CSCUS69558.NASL", "CISCO_TELEPRESENCE_VCS_MULTIPLE_880.NASL", "CITRIX_XENSERVER_CTX212736.NASL", "CUPS_2_0_1.NASL", "DB2_105FP7_NIX.NASL", "DB2_105FP7_WIN.NASL", "DB2_97FP10_MULTI_VULN.NASL", "DEBIAN_DLA-1043.NASL", "DEBIAN_DLA-1073.NASL", "DEBIAN_DLA-132.NASL", "DEBIAN_DLA-139.NASL", "DEBIAN_DLA-157.NASL", "DEBIAN_DLA-177.NASL", "DEBIAN_DLA-1883.NASL", "DEBIAN_DLA-247.NASL", "DEBIAN_DLA-274.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-358.NASL", "DEBIAN_DLA-361.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DLA-421.NASL", "DEBIAN_DLA-456.NASL", "DEBIAN_DLA-472.NASL", "DEBIAN_DLA-480.NASL", "DEBIAN_DLA-527.NASL", "DEBIAN_DLA-528.NASL", "DEBIAN_DLA-529.NASL", "DEBIAN_DLA-553.NASL", "DEBIAN_DLA-568.NASL", "DEBIAN_DLA-637.NASL", "DEBIAN_DLA-749.NASL", "DEBIAN_DLA-794.NASL", "DEBIAN_DLA-81.NASL", "DEBIAN_DLA-814.NASL", "DEBIAN_DLA-924.NASL", "DEBIAN_DSA-2504.NASL", "DEBIAN_DSA-2880.NASL", "DEBIAN_DSA-2950.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3125.NASL", "DEBIAN_DSA-3142.NASL", "DEBIAN_DSA-3144.NASL", "DEBIAN_DSA-3147.NASL", "DEBIAN_DSA-3197.NASL", "DEBIAN_DSA-3253.NASL", "DEBIAN_DSA-3287.NASL", "DEBIAN_DSA-3413.NASL", "DEBIAN_DSA-3417.NASL", "DEBIAN_DSA-3441.NASL", "DEBIAN_DSA-3489.NASL", "DEBIAN_DSA-3501.NASL", "DEBIAN_DSA-3510.NASL", "DEBIAN_DSA-3520.NASL", "DEBIAN_DSA-3524.NASL", "DEBIAN_DSA-3566.NASL", "DEBIAN_DSA-3576.NASL", "DEBIAN_DSA-3609.NASL", "DEBIAN_DSA-3611.NASL", "DEBIAN_DSA-3614.NASL", "DEBIAN_DSA-3623.NASL", "DEBIAN_DSA-3631.NASL", "DEBIAN_DSA-3673.NASL", "DEBIAN_DSA-3688.NASL", "DEBIAN_DSA-3773.NASL", "DEBIAN_DSA-3842.NASL", "DEBIAN_DSA-3843.NASL", "DEBIAN_DSA-3919.NASL", "DEBIAN_DSA-3922.NASL", "DEBIAN_DSA-3944.NASL", "DEBIAN_DSA-3954.NASL", "DEBIAN_DSA-3955.NASL", "DEBIAN_DSA-4005.NASL", "DOMINO_SWG21992835.NASL", "DRUPAL_8_1_7.NASL", "EMC_DOCUMENTUM_CONTENT_SERVER_ESA-2014-079.NASL", "EULEROS_SA-2016-1003.NASL", "EULEROS_SA-2016-1017.NASL", "EULEROS_SA-2016-1030.NASL", "EULEROS_SA-2016-1047.NASL", "EULEROS_SA-2016-1049.NASL", "EULEROS_SA-2016-1054.NASL", "EULEROS_SA-2016-1084.NASL", "EULEROS_SA-2016-1090.NASL", "EULEROS_SA-2017-1015.NASL", "EULEROS_SA-2017-1016.NASL", "EULEROS_SA-2017-1027.NASL", "EULEROS_SA-2017-1028.NASL", "EULEROS_SA-2017-1029.NASL", "EULEROS_SA-2017-1030.NASL", "EULEROS_SA-2017-1039.NASL", "EULEROS_SA-2017-1040.NASL", "EULEROS_SA-2017-1150.NASL", "EULEROS_SA-2017-1151.NASL", "EULEROS_SA-2017-1169.NASL", "EULEROS_SA-2017-1170.NASL", "EULEROS_SA-2017-1207.NASL", "EULEROS_SA-2017-1208.NASL", "EULEROS_SA-2017-1261.NASL", "EULEROS_SA-2017-1262.NASL", "EULEROS_SA-2017-1322.NASL", "EULEROS_SA-2017-1323.NASL", "EULEROS_SA-2017-1330.NASL", "EULEROS_SA-2017-1331.NASL", "EULEROS_SA-2018-1302.NASL", "EULEROS_SA-2018-1303.NASL", "EULEROS_SA-2018-1337.NASL", "EULEROS_SA-2018-1346.NASL", "EULEROS_SA-2019-1386.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1403.NASL", "EULEROS_SA-2019-1419.NASL", "EULEROS_SA-2019-1434.NASL", "EULEROS_SA-2019-1541.NASL", "EULEROS_SA-2019-1542.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1547.NASL", "EULEROS_SA-2019-1548.NASL", "EULEROS_SA-2019-1551.NASL", "EULEROS_SA-2019-1861.NASL", "EULEROS_SA-2019-1980.NASL", "EULEROS_SA-2019-2217.NASL", "EULEROS_SA-2019-2271.NASL", "EULEROS_SA-2019-2509.NASL", "EULEROS_SA-2019-2643.NASL", "EULEROS_SA-2020-1420.NASL", "EULEROS_SA-2020-1574.NASL", "EULEROS_SA-2020-1637.NASL", "EULEROS_SA-2020-1689.NASL", "EULEROS_SA-2020-1774.NASL", "EULEROS_SA-2020-2076.NASL", "EULEROS_SA-2021-1107.NASL", "EULEROS_SA-2021-1222.NASL", "EULEROS_SA-2021-1342.NASL", "EULEROS_SA-2021-1446.NASL", "EULEROS_SA-2021-1508.NASL", "EULEROS_SA-2021-2086.NASL", "EULEROS_SA-2021-2157.NASL", "F5_BIGIP_SOL01276005.NASL", "F5_BIGIP_SOL02652550.NASL", "F5_BIGIP_SOL10065173.NASL", "F5_BIGIP_SOL12824341.NASL", "F5_BIGIP_SOL13167034.NASL", "F5_BIGIP_SOL15325.NASL", "F5_BIGIP_SOL15479471.NASL", "F5_BIGIP_SOL16057.NASL", "F5_BIGIP_SOL16123.NASL", "F5_BIGIP_SOL16317.NASL", "F5_BIGIP_SOL16898.NASL", "F5_BIGIP_SOL16913.NASL", "F5_BIGIP_SOL16914.NASL", "F5_BIGIP_SOL20145801.NASL", "F5_BIGIP_SOL23230229.NASL", "F5_BIGIP_SOL23512141.NASL", "F5_BIGIP_SOL23873366.NASL", "F5_BIGIP_SOL33209124.NASL", "F5_BIGIP_SOL36488941.NASL", "F5_BIGIP_SOL37526132.NASL", "F5_BIGIP_SOL43570545.NASL", "F5_BIGIP_SOL44512851.NASL", "F5_BIGIP_SOL51920288.NASL", "F5_BIGIP_SOL53084033.NASL", "F5_BIGIP_SOL54211024.NASL", "F5_BIGIP_SOL59298921.NASL", "F5_BIGIP_SOL75152412.NASL", "F5_BIGIP_SOL90492697.NASL", "F5_BIGIP_SOL91100352.NASL", "F5_BIGIP_SOL93600123.NASL", "FEDORA_2014-12951.NASL", "FEDORA_2014-13012.NASL", "FEDORA_2014-13069.NASL", "FEDORA_2014-13399.NASL", "FEDORA_2014-13647.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FEDORA_2014-13781.NASL", "FEDORA_2014-13794.NASL", "FEDORA_2014-14217.NASL", "FEDORA_2014-14234.NASL", "FEDORA_2014-14237.NASL", "FEDORA_2014-15379.NASL", "FEDORA_2014-15390.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17576.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2014-2394.NASL", "FEDORA_2014-2418.NASL", "FEDORA_2014-7101.NASL", "FEDORA_2014-7102.NASL", "FEDORA_2014-9301.NASL", "FEDORA_2014-9308.NASL", "FEDORA_2015-0512.NASL", "FEDORA_2015-0601.NASL", "FEDORA_2015-10047.NASL", "FEDORA_2015-10108.NASL", "FEDORA_2015-15899.NASL", "FEDORA_2015-15907.NASL", "FEDORA_2015-2315.NASL", "FEDORA_2015-2328.NASL", "FEDORA_2015-4300.NASL", "FEDORA_2015-4303.NASL", "FEDORA_2015-4320.NASL", "FEDORA_2015-605DE37B7F.NASL", "FEDORA_2015-6855.NASL", "FEDORA_2015-6951.NASL", "FEDORA_2015-7CA4368B0C.NASL", "FEDORA_2015-7D95466EDA.NASL", "FEDORA_2015-9090.NASL", "FEDORA_2015-9110.NASL", "FEDORA_2015-D87D60B9A9.NASL", "FEDORA_2015-EEFC5A6762.NASL", "FEDORA_2016-05C567DF1A.NASL", "FEDORA_2016-0A4DCCDD23.NASL", "FEDORA_2016-1411324654.NASL", "FEDORA_2016-1E39D934ED.NASL", "FEDORA_2016-1FB63E3BF3.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-2B0C16FD82.NASL", "FEDORA_2016-340E361B90.NASL", "FEDORA_2016-38E5B05260.NASL", "FEDORA_2016-4094BD4AD6.NASL", "FEDORA_2016-4CA904238F.NASL", "FEDORA_2016-4E7DB3D437.NASL", "FEDORA_2016-527018D2FF.NASL", "FEDORA_2016-5D4FC5ECC9.NASL", "FEDORA_2016-64E0743E16.NASL", "FEDORA_2016-683D0B257B.NASL", "FEDORA_2016-69E506E02D.NASL", "FEDORA_2016-8EB11666AA.NASL", "FEDORA_2016-97454404FE.NASL", "FEDORA_2016-9C8CF5912C.NASL", "FEDORA_2016-9FD9BFAB9E.NASL", "FEDORA_2016-A29C65B00F.NASL", "FEDORA_2016-A555159613.NASL", "FEDORA_2016-AEF8A45AFE.NASL", "FEDORA_2016-C1B01B9278.NASL", "FEDORA_2016-C558E58B21.NASL", "FEDORA_2016-CD2BD0800F.NASL", "FEDORA_2016-D717FDCF74.NASL", "FEDORA_2016-DF0726AE26.NASL", "FEDORA_2016-E1234B65A2.NASL", "FEDORA_2016-E2C8F5F95A.NASL", "FEDORA_2016-EA5E284D34.NASL", "FEDORA_2016-F4A443888B.NASL", "FEDORA_2017-0E64C4C186.NASL", "FEDORA_2017-1CE2A05FF1.NASL", "FEDORA_2017-33C8085C5D.NASL", "FEDORA_2017-3451DBEC48.NASL", "FEDORA_2017-5261BA4605.NASL", "FEDORA_2017-661DDDC462.NASL", "FEDORA_2017-6A0389A6A7.NASL", "FEDORA_2017-7C039552FA.NASL", "FEDORA_2017-9899ABA20E.NASL", "FEDORA_2017-CC0E0DAF0F.NASL", "FEDORA_2017-D5AA7C77D6.NASL", "FEDORA_2017-E853B4144F.NASL", "FEDORA_2017-EE93493BEA.NASL", "FIREEYE_OS_SB001.NASL", "FORTICLIENT_5_0_10.NASL", "FORTINET_FG-IR-14-018.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_03175E62549411E49CC1BC5FF4FB5E7B.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_0765DE84A6C111E4A0C1C485083CA99C.NASL", "FREEBSD_PKG_0CA246823F0311E6B3C814DAE9D210B8.NASL", "FREEBSD_PKG_0DAD911460CC11E49E840022156E8794.NASL", "FREEBSD_PKG_3216608253FA41FAB081207E7A989A0A.NASL", "FREEBSD_PKG_333F655AB93A11E59EFA5453ED2E2B49.NASL", "FREEBSD_PKG_3679FD10C5D111E5B85F0018FE623F2B.NASL", "FREEBSD_PKG_384FC0B2014411E58FDA002590263BF5.NASL", "FREEBSD_PKG_43EAA65680BC11E6BF52B499BAEBFEAF.NASL", "FREEBSD_PKG_4AF92A40DB3311E6AE1B002590263BF5.NASL", "FREEBSD_PKG_4C8D1D729B3811E5AECED050996490D0.NASL", "FREEBSD_PKG_4E536C14979111E4977DD050992ECDE8.NASL", "FREEBSD_PKG_50751310A76311E6A881B499BAEBFEAF.NASL", "FREEBSD_PKG_5AC53801EC2E11E39CF33C970E169BC2.NASL", "FREEBSD_PKG_61B8C3594AAB11E6A7BD14DAE9D210B8.NASL", "FREEBSD_PKG_67B3FEF22BEA11E586FF14DAE9D210B8.NASL", "FREEBSD_PKG_6F0529E22E8211E6B2ECB499BAEBFEAF.NASL", "FREEBSD_PKG_76C7A0F5592811E4ADC7001999F8D30B.NASL", "FREEBSD_PKG_8305E215108011E58BA2000C2980A9F3.NASL", "FREEBSD_PKG_862D6AB3C75E11E69F9820CF30E32F6D.NASL", "FREEBSD_PKG_8E5E6D42A0FA11E3B09A080027F2D077.NASL", "FREEBSD_PKG_91A337D883ED11E6BF52B499BAEBFEAF.NASL", "FREEBSD_PKG_9D15355BCE7C11E49DB0D050992ECDE8.NASL", "FREEBSD_PKG_A258604DF2AA11E5B4A9AC220BDCEC59.NASL", "FREEBSD_PKG_B6402385533B11E6A7BD14DAE9D210B8.NASL", "FREEBSD_PKG_C429276852734F17A267C5FE35125CE4.NASL", "FREEBSD_PKG_CA5CB2024F5111E6B2ECB499BAEBFEAF.NASL", "FREEBSD_PKG_CBCEEB493BC711E68E82002590263BF5.NASL", "FREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL", "FREEBSD_PKG_D455708AE3D311E69940B499BAEBFEAF.NASL", "FREEBSD_PKG_D9F99491165611E694FA002590263BF5.NASL", "FREEBSD_PKG_F7A9E415BDCA11E4970C000C292EE6B8.NASL", "GENTOO_GLSA-201407-05.NASL", "GENTOO_GLSA-201411-10.NASL", "GENTOO_GLSA-201503-04.NASL", "GENTOO_GLSA-201503-10.NASL", "GENTOO_GLSA-201503-11.NASL", "GENTOO_GLSA-201506-02.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201601-05.NASL", "GENTOO_GLSA-201605-06.NASL", "GENTOO_GLSA-201606-11.NASL", "GENTOO_GLSA-201610-01.NASL", "GENTOO_GLSA-201611-22.NASL", "GENTOO_GLSA-201612-16.NASL", "GENTOO_GLSA-201701-36.NASL", "GENTOO_GLSA-201701-65.NASL", "GENTOO_GLSA-201701-75.NASL", "GENTOO_GLSA-201702-07.NASL", "GENTOO_GLSA-201705-09.NASL", "GENTOO_GLSA-201707-01.NASL", "GENTOO_GLSA-201709-22.NASL", "GENTOO_GLSA-201802-04.NASL", "GENTOO_GLSA-202003-01.NASL", "GENTOO_GLSA-202107-39.NASL", "GLASSFISH_CPU_APR_2015.NASL", "GLASSFISH_CPU_OCT_2017.NASL", "GLASSFISH_CVE-2016-1950.NASL", "HPSMH_7_2_6.NASL", "HPSMH_7_3_3_1.NASL", "HPSMH_7_4_1.NASL", "HPSMH_7_5.NASL", "HPSMH_7_5_4.NASL", "HPSMH_7_5_5.NASL", "HPSMH_7_6.NASL", "HP_IMC_73_E0504P04.NASL", "HP_INTELLIGENT_MANAGEMENT_CENTER_7_3_E0504P04.NASL", "HP_LASERJET_HPSBPI03107.NASL", "HP_OFFICEJET_HPSBPI03107.NASL", "HP_ONBOARD_ADMIN_4_22.NASL", "HP_ONEVIEW_1_10.NASL", "HP_SITESCOPE_HPSBMU03184.NASL", "HP_SUM_6_4_1.NASL", "HP_SYSTEMS_INSIGHT_MANAGER_73_HOTFIX_34.NASL", "HP_VCA_SSRT101614-RHEL.NASL", "HP_VCA_SSRT101614-SLES.NASL", "HP_VCA_SSRT101614.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_NIX.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_7_6_0_0.NASL", "HP_VERSION_CONTROL_REPO_MANAGER_HPSBMU03056.NASL", "HTTP_HTTPOXY.NASL", "IBM_BIGFIX_REMOTE_CONTROL_9_1_3.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "IBM_DOMINO_SWG21693142.NASL", "IBM_GPFS_ISG3T1020948_WINDOWS.NASL", "IBM_GPFS_ISG3T1021546_WINDOWS.NASL", "IBM_HTTP_SERVER_521711.NASL", "IBM_HTTP_SERVER_533837.NASL", "IBM_HTTP_SERVER_548223.NASL", "IBM_HTTP_SERVER_553351.NASL", "IBM_HTTP_SERVER_569301.NASL", "IBM_INFORMIX_SERVER_SWG22002897.NASL", "IBM_JAVA_2017_01_17.NASL", "IBM_JAVA_2017_07_18.NASL", "IBM_JAVA_2018_08_01.NASL", "IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL", "IBM_TEM_9_1_1117_0.NASL", "INTEL_AMT_AUTH_BYPASS.NBIN", "INTEL_SA_00075.NASL", "JBOSS_JAVA_SERIALIZE.NASL", "JUNIPER_JSA10629.NASL", "JUNIPER_JSA10759.NASL", "JUNIPER_JSA10775.NASL", "JUNIPER_SPACE_JSA10659.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "JUNOS_PULSE_JSA10629.NASL", "LCE_4_8_1.NASL", "LIBREOFFICE_423.NASL", "MACOSX_10_10.NASL", "MACOSX_10_10_2.NASL", "MACOSX_10_10_3.NASL", "MACOSX_10_10_4.NASL", "MACOSX_10_10_5.NASL", "MACOSX_10_11.NASL", "MACOSX_10_11_1.NASL", "MACOSX_10_11_4.NASL", "MACOSX_10_11_6.NASL", "MACOSX_10_9_5.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_5170.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_5187.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_7021.NASL", "MACOSX_CISCO_ANYCONNECT_CSCUX41420.NASL", "MACOSX_FIREFOX_38_7_ESR.NASL", "MACOSX_FIREFOX_45.NASL", "MACOSX_FIREFOX_47.NASL", "MACOSX_FUSION_6_0_4.NASL", "MACOSX_LIBREOFFICE_423.NASL", "MACOSX_SECUPD2014-004.NASL", "MACOSX_SECUPD2014-005.NASL", "MACOSX_SECUPD2015-001.NASL", "MACOSX_SECUPD2015-004.NASL", "MACOSX_SECUPD2015-005.NASL", "MACOSX_SECUPD2015-006.NASL", "MACOSX_SECUPD2015-007.NASL", "MACOSX_SECUPD2016-007.NASL", "MACOSX_SECUPD2017-004.NASL", "MACOSX_SERVER_2_2_5.NASL", "MACOSX_SERVER_3_2_2.NASL", "MACOSX_SERVER_4_0.NASL", "MACOSX_SERVER_4_1.NASL", "MACOSX_VMWARE_HORIZON_VIEW_CLIENT_VMSA_2014_0006.NASL", "MACOSX_VMWARE_OVFTOOL_VMSA_2014_0006.NASL", "MACOSX_XCODE_7_0.NASL", "MACOS_10_12_2.NASL", "MACOS_10_12_4.NASL", "MACOS_10_13.NASL", "MANDRIVA_MDVSA-2014-041.NASL", "MANDRIVA_MDVSA-2014-106.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MANDRIVA_MDVSA-2014-218.NASL", "MANDRIVA_MDVSA-2014-252.NASL", "MANDRIVA_MDVSA-2015-019.NASL", "MANDRIVA_MDVSA-2015-033.NASL", "MANDRIVA_MDVSA-2015-039.NASL", "MANDRIVA_MDVSA-2015-062.NASL", "MANDRIVA_MDVSA-2015-063.NASL", "MANDRIVA_MDVSA-2015-075.NASL", "MANDRIVA_MDVSA-2015-076.NASL", "MANDRIVA_MDVSA-2015-158.NASL", "MANDRIVA_MDVSA-2015-198.NASL", "MARIADB_10_0_13.NASL", "MARIADB_10_1_27.NASL", "MARIADB_10_2_10.NASL", "MCAFEE_EMAIL_GATEWAY_SB10075.NASL", "MCAFEE_EPO_SB10075.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL", "MCAFEE_VSEL_SB10075.NASL", "MCAFEE_WEB_GATEWAY_SB10075.NASL", "MOZILLA_FIREFOX_38_7_ESR.NASL", "MOZILLA_FIREFOX_45.NASL", "MOZILLA_FIREFOX_47.NASL", "MYSQL_5_5_57.NASL", "MYSQL_5_5_57_RPM.NASL", "MYSQL_5_6_20.NASL", "MYSQL_5_6_29_RPM.NASL", "MYSQL_5_6_30.NASL", "MYSQL_5_6_30_RPM.NASL", "MYSQL_5_6_31.NASL", "MYSQL_5_6_31_RPM.NASL", "MYSQL_5_6_34.NASL", "MYSQL_5_6_34_RPM.NASL", "MYSQL_5_6_36.NASL", "MYSQL_5_6_36_RPM.NASL", "MYSQL_5_6_37.NASL", "MYSQL_5_6_37_RPM.NASL", "MYSQL_5_7_11_RPM.NASL", "MYSQL_5_7_12.NASL", "MYSQL_5_7_12_RPM.NASL", "MYSQL_5_7_13.NASL", "MYSQL_5_7_13_RPM.NASL", "MYSQL_5_7_16.NASL", "MYSQL_5_7_16_RPM.NASL", "MYSQL_5_7_17.NASL", "MYSQL_5_7_17_RPM.NASL", "MYSQL_5_7_18.NASL", "MYSQL_5_7_18_RPM.NASL", "MYSQL_5_7_19.NASL", "MYSQL_5_7_19_RPM.NASL", "MYSQL_CLUSTER_7_3_6.NASL", "MYSQL_ENTERPRISE_MONITOR_3_0_23.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_5_7958.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_6_7959.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_2_1075.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_5_1141.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_1_1112.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_4_3247.NASL", "MYSQL_ES_5_6_29.NASL", "NESSUS_TNS_2015_07.NASL", "NESSUS_TNS_2016_16.NASL", "NEWSTART_CGSL_NS-SA-2019-0003_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0022_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0034_MARIADB.NASL", "NEWSTART_CGSL_NS-SA-2019-0111_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0116_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL", "OPENSSL_0_9_8ZA.NASL", "OPENSSL_0_9_8ZC.NASL", "OPENSSL_0_9_8ZD.NASL", "OPENSSL_0_9_8ZF.NASL", "OPENSSL_0_9_8ZG.NASL", "OPENSSL_0_9_8ZH.NASL", "OPENSSL_1_0_0M.NASL", "OPENSSL_1_0_0O.NASL", "OPENSSL_1_0_0P.NASL", "OPENSSL_1_0_0R.NASL", "OPENSSL_1_0_0S.NASL", "OPENSSL_1_0_0T.NASL", "OPENSSL_1_0_1H.NASL", "OPENSSL_1_0_1J.NASL", "OPENSSL_1_0_1K.NASL", "OPENSSL_1_0_1M.NASL", "OPENSSL_1_0_1N.NASL", "OPENSSL_1_0_1O.NASL", "OPENSSL_1_0_1Q.NASL", "OPENSSL_1_0_1R.NASL", "OPENSSL_1_0_1T.NASL", "OPENSSL_1_0_1U.NASL", "OPENSSL_1_0_2A.NASL", "OPENSSL_1_0_2B.NASL", "OPENSSL_1_0_2C.NASL", "OPENSSL_1_0_2E.NASL", "OPENSSL_1_0_2F.NASL", "OPENSSL_1_0_2H.NASL", "OPENSSL_1_0_2I.NASL", "OPENSSL_1_0_2J.NASL", "OPENSSL_1_0_2K.NASL", "OPENSSL_1_1_0.NASL", "OPENSSL_1_1_0A.NASL", "OPENSSL_1_1_0B.NASL", "OPENSSL_1_1_0C.NASL", "OPENSSL_1_1_0D.NASL", "OPENSSL_AES_NI_PADDING_ORACLE.NASL", "OPENSSL_CCS.NASL", "OPENSSL_CCS_1_0_1.NASL", "OPENSUSE-2014-213.NASL", "OPENSUSE-2014-278.NASL", "OPENSUSE-2014-289.NASL", "OPENSUSE-2014-333.NASL", "OPENSUSE-2014-410.NASL", "OPENSUSE-2014-605.NASL", "OPENSUSE-2014-640.NASL", "OPENSUSE-2014-647.NASL", "OPENSUSE-2014-671.NASL", "OPENSUSE-2015-116.NASL", "OPENSUSE-2015-139.NASL", "OPENSUSE-2015-247.NASL", "OPENSUSE-2015-447.NASL", "OPENSUSE-2015-507.NASL", "OPENSUSE-2015-658.NASL", "OPENSUSE-2015-67.NASL", "OPENSUSE-2015-705.NASL", "OPENSUSE-2015-84.NASL", "OPENSUSE-2015-889.NASL", "OPENSUSE-2015-908.NASL", "OPENSUSE-2015-91.NASL", "OPENSUSE-2015-911.NASL", "OPENSUSE-2015-916.NASL", "OPENSUSE-2015-940.NASL", "OPENSUSE-2016-1005.NASL", "OPENSUSE-2016-1056.NASL", "OPENSUSE-2016-1086.NASL", "OPENSUSE-2016-1130.NASL", "OPENSUSE-2016-1134.NASL", "OPENSUSE-2016-1172.NASL", "OPENSUSE-2016-1189.NASL", "OPENSUSE-2016-1283.NASL", "OPENSUSE-2016-1289.NASL", "OPENSUSE-2016-1339.NASL", "OPENSUSE-2016-1440.NASL", "OPENSUSE-2016-154.NASL", "OPENSUSE-2016-203.NASL", "OPENSUSE-2016-289.NASL", "OPENSUSE-2016-292.NASL", "OPENSUSE-2016-294.NASL", "OPENSUSE-2016-327.NASL", "OPENSUSE-2016-332.NASL", "OPENSUSE-2016-334.NASL", "OPENSUSE-2016-386.NASL", "OPENSUSE-2016-561.NASL", "OPENSUSE-2016-562.NASL", "OPENSUSE-2016-563.NASL", "OPENSUSE-2016-564.NASL", "OPENSUSE-2016-565.NASL", "OPENSUSE-2016-575.NASL", "OPENSUSE-2016-604.NASL", "OPENSUSE-2016-704.NASL", "OPENSUSE-2016-714.NASL", "OPENSUSE-2016-715.NASL", "OPENSUSE-2016-880.NASL", "OPENSUSE-2016-921.NASL", "OPENSUSE-2016-979.NASL", "OPENSUSE-2017-1196.NASL", "OPENSUSE-2017-1381.NASL", "OPENSUSE-2017-201.NASL", "OPENSUSE-2017-255.NASL", "OPENSUSE-2017-256.NASL", "OPENSUSE-2017-278.NASL", "OPENSUSE-2017-284.NASL", "OPENSUSE-2017-442.NASL", "OPENSUSE-2017-459.NASL", "OPENSUSE-2017-586.NASL", "OPENSUSE-2017-866.NASL", "OPENSUSE-2017-954.NASL", "OPENSUSE-2018-14.NASL", "OPENSUSE-2018-168.NASL", "OPENSUSE-2018-33.NASL", "ORACLELINUX_ELSA-2014-0624.NASL", "ORACLELINUX_ELSA-2014-0625.NASL", "ORACLELINUX_ELSA-2014-0626.NASL", "ORACLELINUX_ELSA-2014-0679.NASL", "ORACLELINUX_ELSA-2014-0680.NASL", "ORACLELINUX_ELSA-2014-1652.NASL", "ORACLELINUX_ELSA-2014-1653.NASL", "ORACLELINUX_ELSA-2014-1948.NASL", "ORACLELINUX_ELSA-2014-3040.NASL", "ORACLELINUX_ELSA-2015-0066.NASL", "ORACLELINUX_ELSA-2015-0067.NASL", "ORACLELINUX_ELSA-2015-0068.NASL", "ORACLELINUX_ELSA-2015-0069.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2015-0090.NASL", "ORACLELINUX_ELSA-2015-0092.NASL", "ORACLELINUX_ELSA-2015-0101.NASL", "ORACLELINUX_ELSA-2015-0715.NASL", "ORACLELINUX_ELSA-2015-0716.NASL", "ORACLELINUX_ELSA-2015-1115.NASL", "ORACLELINUX_ELSA-2015-1197.NASL", "ORACLELINUX_ELSA-2015-1330.NASL", "ORACLELINUX_ELSA-2015-1695.NASL", "ORACLELINUX_ELSA-2015-2521.NASL", "ORACLELINUX_ELSA-2015-2522.NASL", "ORACLELINUX_ELSA-2015-2616.NASL", "ORACLELINUX_ELSA-2015-2617.NASL", "ORACLELINUX_ELSA-2015-2671.NASL", "ORACLELINUX_ELSA-2016-0301.NASL", "ORACLELINUX_ELSA-2016-0302.NASL", "ORACLELINUX_ELSA-2016-0370.NASL", "ORACLELINUX_ELSA-2016-0371.NASL", "ORACLELINUX_ELSA-2016-0372.NASL", "ORACLELINUX_ELSA-2016-0591.NASL", "ORACLELINUX_ELSA-2016-0684.NASL", "ORACLELINUX_ELSA-2016-0685.NASL", "ORACLELINUX_ELSA-2016-0722.NASL", "ORACLELINUX_ELSA-2016-0996.NASL", "ORACLELINUX_ELSA-2016-1137.NASL", "ORACLELINUX_ELSA-2016-1421.NASL", "ORACLELINUX_ELSA-2016-1422.NASL", "ORACLELINUX_ELSA-2016-1538.NASL", "ORACLELINUX_ELSA-2016-1609.NASL", "ORACLELINUX_ELSA-2016-1613.NASL", "ORACLELINUX_ELSA-2016-1940.NASL", "ORACLELINUX_ELSA-2016-2045.NASL", "ORACLELINUX_ELSA-2016-2046.NASL", "ORACLELINUX_ELSA-2016-2599.NASL", "ORACLELINUX_ELSA-2016-2779.NASL", "ORACLELINUX_ELSA-2016-3576.NASL", "ORACLELINUX_ELSA-2016-3627.NASL", "ORACLELINUX_ELSA-2017-0180.NASL", "ORACLELINUX_ELSA-2017-0269.NASL", "ORACLELINUX_ELSA-2017-0286.NASL", "ORACLELINUX_ELSA-2017-1789.NASL", "ORACLELINUX_ELSA-2017-2192.NASL", "ORACLELINUX_ELSA-2017-2424.NASL", "ORACLELINUX_ELSA-2017-2486.NASL", "ORACLELINUX_ELSA-2017-3080.NASL", "ORACLELINUX_ELSA-2017-3081.NASL", "ORACLELINUX_ELSA-2017-3392.NASL", "ORACLELINUX_ELSA-2018-2123.NASL", "ORACLELINUX_ELSA-2018-2439.NASL", "ORACLEVM_OVMSA-2014-0007.NASL", "ORACLEVM_OVMSA-2014-0008.NASL", "ORACLEVM_OVMSA-2014-0032.NASL", "ORACLEVM_OVMSA-2014-0037.NASL", "ORACLEVM_OVMSA-2014-0038.NASL", "ORACLEVM_OVMSA-2014-0039.NASL", "ORACLEVM_OVMSA-2014-0040.NASL", "ORACLEVM_OVMSA-2014-0041.NASL", "ORACLEVM_OVMSA-2015-0005.NASL", "ORACLEVM_OVMSA-2015-0022.NASL", "ORACLEVM_OVMSA-2015-0023.NASL", "ORACLEVM_OVMSA-2015-0024.NASL", "ORACLEVM_OVMSA-2015-0029.NASL", "ORACLEVM_OVMSA-2015-0030.NASL", "ORACLEVM_OVMSA-2015-0039.NASL", "ORACLEVM_OVMSA-2015-0068.NASL", "ORACLEVM_OVMSA-2015-0070.NASL", "ORACLEVM_OVMSA-2015-0155.NASL", "ORACLEVM_OVMSA-2016-0001.NASL", "ORACLEVM_OVMSA-2016-0013.NASL", "ORACLEVM_OVMSA-2016-0031.NASL", "ORACLEVM_OVMSA-2016-0034.NASL", "ORACLEVM_OVMSA-2016-0042.NASL", "ORACLEVM_OVMSA-2016-0049.NASL", "ORACLEVM_OVMSA-2016-0066.NASL", "ORACLEVM_OVMSA-2016-0071.NASL", "ORACLEVM_OVMSA-2016-0086.NASL", "ORACLEVM_OVMSA-2016-0135.NASL", "ORACLEVM_OVMSA-2016-0141.NASL", "ORACLEVM_OVMSA-2016-0159.NASL", "ORACLEVM_OVMSA-2017-0042.NASL", "ORACLEVM_OVMSA-2017-0065.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL", "ORACLE_ACCESS_MANAGER_WEBGATE_CVE_2016_2107.NBIN", "ORACLE_BI_PUBLISHER_APR_2018_CPU.NASL", "ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL", "ORACLE_BI_PUBLISHER_JAN_2018_CPU.NASL", "ORACLE_BI_PUBLISHER_JUL_2017_CPU.NASL", "ORACLE_BI_PUBLISHER_OCT_2017_CPU.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2016.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2014.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2015.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2017.NASL", "ORACLE_E-BUSINESS_CPU_OCT_2016.NASL", "ORACLE_EIDS_CPU_OCT_2014.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JAN_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2016_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OCT_2017_CPU.NASL", "ORACLE_GOLDENGATE_FOR_BIG_DATA_CPU_OCT_2018.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_HTTP_SERVER_CPU_JUL_2016.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_JAN_2018.NASL", "ORACLE_ILOM_3_2_6.NASL", "ORACLE_JAVA_CPU_JAN_2015.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2017.NASL", "ORACLE_JAVA_CPU_JAN_2017_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2017.NASL", "ORACLE_JAVA_CPU_JUL_2017_UNIX.NASL", "ORACLE_JDEVELOPER_CPU_JULY_2016.NASL", "ORACLE_JDEVELOPER_CPU_JUL_2018.NASL", "ORACLE_JDEVELOPER_CPU_OCT_2017.NASL", "ORACLE_JROCKIT_CPU_JAN_2015.NASL", "ORACLE_JROCKIT_CPU_JUL_2017.NASL", "ORACLE_OATS_CPU_APR_2016.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2017.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JUL_2017.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2017.NASL", "ORACLE_RDBMS_CPU_JUL_2016.NASL", "ORACLE_RDBMS_CPU_JUL_2017.NASL", "ORACLE_RDBMS_CPU_OCT_2017.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2014_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2015_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2016_CPU.NASL", "ORACLE_VIRTUALBOX_JAN_2015_CPU.NASL", "ORACLE_WEBCENTER_CONTENT_JUL_2017_CPU.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2018.NBIN", "ORACLE_WEBCENTER_SITES_APR_2017_CPU.NASL", "ORACLE_WEBCENTER_SITES_APR_2018_CPU.NASL", "ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2015.NBIN", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2017.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2017.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2021.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2016.NASL", "ORACLE_WEBLOGIC_SERVER_CVE-2017-9805.NBIN", "OT_500473.NASL", "PALO_ALTO_PAN-OS_7_0_15.NASL", "PALO_ALTO_PAN-SA-2014-0003.NASL", "PALO_ALTO_PAN-SA-2015-0002.NASL", "PFSENSE_SA-14_07.NASL", "PFSENSE_SA-15_06.NASL", "PFSENSE_SA-15_11.NASL", "PFSENSE_SA-16_02.NASL", "PFSENSE_SA-16_04.NASL", "PHOTONOS_PHSA-2017-0026.NASL", "PHOTONOS_PHSA-2017-0026_OPENJDK.NASL", "PHOTONOS_PHSA-2017-0026_OPENJRE.NASL", "PHP_5_4_38.NASL", "PHP_5_5_22.NASL", "PHP_5_5_38.NASL", "PHP_5_6_24.NASL", "PHP_5_6_6.NASL", "PHP_7_0_9.NASL", "PIVOTAL_WEBSERVER_5_4_1.NASL", "PUPPET_ENTERPRISE_330.NASL", "PUPPET_ENTERPRISE_380.NASL", "PUPPET_ENTERPRISE_ACTIVEMQ_PSQL_SSL.NASL", "PVS_5_2_0.NASL", "REDHAT-RHSA-2013-0191.NASL", "REDHAT-RHSA-2013-0192.NASL", "REDHAT-RHSA-2013-0193.NASL", "REDHAT-RHSA-2013-0195.NASL", "REDHAT-RHSA-2013-0196.NASL", "REDHAT-RHSA-2013-0197.NASL", "REDHAT-RHSA-2014-0624.NASL", "REDHAT-RHSA-2014-0625.NASL", "REDHAT-RHSA-2014-0626.NASL", "REDHAT-RHSA-2014-0627.NASL", "REDHAT-RHSA-2014-0628.NASL", "REDHAT-RHSA-2014-0629.NASL", "REDHAT-RHSA-2014-0679.NASL", "REDHAT-RHSA-2014-0680.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1653.NASL", "REDHAT-RHSA-2014-1692.NASL", "REDHAT-RHSA-2014-1876.NASL", "REDHAT-RHSA-2014-1877.NASL", "REDHAT-RHSA-2014-1880.NASL", "REDHAT-RHSA-2014-1881.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2014-1948.NASL", "REDHAT-RHSA-2015-0066.NASL", "REDHAT-RHSA-2015-0067.NASL", "REDHAT-RHSA-2015-0068.NASL", "REDHAT-RHSA-2015-0069.NASL", "REDHAT-RHSA-2015-0079.NASL", "REDHAT-RHSA-2015-0080.NASL", "REDHAT-RHSA-2015-0085.NASL", "REDHAT-RHSA-2015-0086.NASL", "REDHAT-RHSA-2015-0090.NASL", "REDHAT-RHSA-2015-0092.NASL", "REDHAT-RHSA-2015-0099.NASL", "REDHAT-RHSA-2015-0101.NASL", "REDHAT-RHSA-2015-0126.NASL", "REDHAT-RHSA-2015-0264.NASL", "REDHAT-RHSA-2015-0698.NASL", "REDHAT-RHSA-2015-0715.NASL", "REDHAT-RHSA-2015-0716.NASL", "REDHAT-RHSA-2015-0752.NASL", "REDHAT-RHSA-2015-1115.NASL", "REDHAT-RHSA-2015-1197.NASL", "REDHAT-RHSA-2015-1330.NASL", "REDHAT-RHSA-2015-1545.NASL", "REDHAT-RHSA-2015-1546.NASL", "REDHAT-RHSA-2015-1695.NASL", "REDHAT-RHSA-2015-2500.NASL", "REDHAT-RHSA-2015-2521.NASL", "REDHAT-RHSA-2015-2522.NASL", "REDHAT-RHSA-2015-2535.NASL", "REDHAT-RHSA-2015-2536.NASL", "REDHAT-RHSA-2015-2538.NASL", "REDHAT-RHSA-2015-2539.NASL", "REDHAT-RHSA-2015-2540.NASL", "REDHAT-RHSA-2015-2542.NASL", "REDHAT-RHSA-2015-2616.NASL", "REDHAT-RHSA-2015-2617.NASL", "REDHAT-RHSA-2015-2671.NASL", "REDHAT-RHSA-2016-0121.NASL", "REDHAT-RHSA-2016-0122.NASL", "REDHAT-RHSA-2016-0123.NASL", "REDHAT-RHSA-2016-0124.NASL", "REDHAT-RHSA-2016-0301.NASL", "REDHAT-RHSA-2016-0302.NASL", "REDHAT-RHSA-2016-0303.NASL", "REDHAT-RHSA-2016-0304.NASL", "REDHAT-RHSA-2016-0305.NASL", "REDHAT-RHSA-2016-0370.NASL", "REDHAT-RHSA-2016-0371.NASL", "REDHAT-RHSA-2016-0372.NASL", "REDHAT-RHSA-2016-0379.NASL", "REDHAT-RHSA-2016-0489.NASL", "REDHAT-RHSA-2016-0495.NASL", "REDHAT-RHSA-2016-0591.NASL", "REDHAT-RHSA-2016-0684.NASL", "REDHAT-RHSA-2016-0685.NASL", "REDHAT-RHSA-2016-0722.NASL", "REDHAT-RHSA-2016-0996.NASL", "REDHAT-RHSA-2016-1137.NASL", "REDHAT-RHSA-2016-1421.NASL", "REDHAT-RHSA-2016-1422.NASL", "REDHAT-RHSA-2016-1538.NASL", "REDHAT-RHSA-2016-1609.NASL", "REDHAT-RHSA-2016-1613.NASL", "REDHAT-RHSA-2016-1635.NASL", "REDHAT-RHSA-2016-1636.NASL", "REDHAT-RHSA-2016-1648.NASL", "REDHAT-RHSA-2016-1649.NASL", "REDHAT-RHSA-2016-1773.NASL", "REDHAT-RHSA-2016-1838.NASL", "REDHAT-RHSA-2016-1839.NASL", "REDHAT-RHSA-2016-1840.NASL", "REDHAT-RHSA-2016-1851.NASL", "REDHAT-RHSA-2016-1940.NASL", "REDHAT-RHSA-2016-2045.NASL", "REDHAT-RHSA-2016-2046.NASL", "REDHAT-RHSA-2016-2069.NASL", "REDHAT-RHSA-2016-2072.NASL", "REDHAT-RHSA-2016-2073.NASL", "REDHAT-RHSA-2016-2599.NASL", "REDHAT-RHSA-2016-2779.NASL", "REDHAT-RHSA-2016-2802.NASL", "REDHAT-RHSA-2016-2807.NASL", "REDHAT-RHSA-2017-0175.NASL", "REDHAT-RHSA-2017-0176.NASL", "REDHAT-RHSA-2017-0177.NASL", "REDHAT-RHSA-2017-0180.NASL", "REDHAT-RHSA-2017-0193.NASL", "REDHAT-RHSA-2017-0194.NASL", "REDHAT-RHSA-2017-0269.NASL", "REDHAT-RHSA-2017-0286.NASL", "REDHAT-RHSA-2017-0336.NASL", "REDHAT-RHSA-2017-0337.NASL", "REDHAT-RHSA-2017-0338.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2017-0462.NASL", "REDHAT-RHSA-2017-1216.NASL", "REDHAT-RHSA-2017-1413.NASL", "REDHAT-RHSA-2017-1414.NASL", "REDHAT-RHSA-2017-1658.NASL", "REDHAT-RHSA-2017-1789.NASL", "REDHAT-RHSA-2017-1790.NASL", "REDHAT-RHSA-2017-1791.NASL", "REDHAT-RHSA-2017-1792.NASL", "REDHAT-RHSA-2017-1801.NASL", "REDHAT-RHSA-2017-2192.NASL", "REDHAT-RHSA-2017-2424.NASL", "REDHAT-RHSA-2017-2469.NASL", "REDHAT-RHSA-2017-2481.NASL", "REDHAT-RHSA-2017-2486.NASL", "REDHAT-RHSA-2017-2493.NASL", "REDHAT-RHSA-2017-2530.NASL", "REDHAT-RHSA-2017-2709.NASL", "REDHAT-RHSA-2017-2710.NASL", "REDHAT-RHSA-2017-3080.NASL", "REDHAT-RHSA-2017-3081.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2017-3240.NASL", "REDHAT-RHSA-2017-3392.NASL", "REDHAT-RHSA-2017-3453.NASL", "REDHAT-RHSA-2018-2123.NASL", "REDHAT-RHSA-2018-2185.NASL", "REDHAT-RHSA-2018-2186.NASL", "REDHAT-RHSA-2018-2439.NASL", "REDHAT-RHSA-2018-2568.NASL", "REDHAT-RHSA-2018-2575.NASL", "REDHAT-RHSA-2018-2713.NASL", "SCREENOS_JSA10733.NASL", "SCREENOS_JSA10759.NASL", "SECURITYCENTER_5_4_1.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_APACHE_2_4_25.NASL", "SECURITYCENTER_OPENSSL_1_0_1U.NASL", "SECURITYCENTER_OPENSSL_1_0_2K.NASL", "SELLIGENT_MESSAGE_STUDIO_RCE.NBIN", "SLACKWARE_SSA_2014-156-03.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SLACKWARE_SSA_2015-009-01.NASL", "SLACKWARE_SSA_2015-028-01.NASL", "SLACKWARE_SSA_2015-111-09.NASL", "SLACKWARE_SSA_2015-162-01.NASL", "SLACKWARE_SSA_2015-349-04.NASL", "SLACKWARE_SSA_2016-034-03.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "SLACKWARE_SSA_2016-203-02.NASL", "SLACKWARE_SSA_2016-266-01.NASL", "SLACKWARE_SSA_2016-270-01.NASL", "SLACKWARE_SSA_2016-358-01.NASL", "SLACKWARE_SSA_2016-363-01.NASL", "SLACKWARE_SSA_2017-041-02.NASL", "SLACKWARE_SSA_2017-251-02.NASL", "SL_20140605_OPENSSL097A_AND_OPENSSL098E_ON_SL5_X.NASL", "SL_20140605_OPENSSL_ON_SL5_X.NASL", "SL_20140605_OPENSSL_ON_SL6_X.NASL", "SL_20141016_OPENSSL_ON_SL5_X.NASL", "SL_20141016_OPENSSL_ON_SL6_X.NASL", "SL_20141202_NSS__NSS_UTIL__AND_NSS_SOFTOKN_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20150121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20150121_OPENSSL_ON_SL6_X.NASL", "SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20150127_GLIBC_ON_SL5_X.NASL", "SL_20150127_GLIBC_ON_SL6_X.NASL", "SL_20150324_OPENSSL_ON_SL6_X.NASL", "SL_20150324_OPENSSL_ON_SL7_X.NASL", "SL_20150615_OPENSSL_ON_SL6_X.NASL", "SL_20150630_OPENSSL_ON_SL5_X.NASL", "SL_20150722_PYTHON_ON_SL6_X.NASL", "SL_20151130_APACHE_COMMONS_COLLECTIONS_ON_SL7_X.NASL", "SL_20151130_JAKARTA_COMMONS_COLLECTIONS_ON_SL6_X.NASL", "SL_20151214_OPENSSL_ON_SL5_X.NASL", "SL_20151214_OPENSSL_ON_SL6_X.NASL", "SL_20151221_JAKARTA_COMMONS_COLLECTIONS_ON_SL5_X.NASL", "SL_20160301_OPENSSL_ON_SL5_X.NASL", "SL_20160301_OPENSSL_ON_SL6_X.NASL", "SL_20160309_NSS_ON_SL5_X.NASL", "SL_20160309_NSS_UTIL_ON_SL6_X.NASL", "SL_20160309_OPENSSL098E_ON_SL6_X.NASL", "SL_20160405_NSS__NSS_UTIL__AND_NSPR_ON_SL6_X.NASL", "SL_20160425_NSS_AND_NSPR_ON_SL5_X.NASL", "SL_20160425_NSS__NSPR__NSS_SOFTOKN__AND_NSS_UTIL_ON_SL7_X.NASL", "SL_20160509_OPENSSL_ON_SL7_X.NASL", "SL_20160510_OPENSSL_ON_SL6_X.NASL", "SL_20160531_OPENSSL_ON_SL5_X.NASL", "SL_20160718_HTTPD_ON_SL5_X.NASL", "SL_20160718_HTTPD_ON_SL7_X.NASL", "SL_20160803_GOLANG_ON_SL7_X.NASL", "SL_20160811_PHP_ON_SL6_X.NASL", "SL_20160811_PHP_ON_SL7_X.NASL", "SL_20160927_OPENSSL_ON_SL6_X.NASL", "SL_20161010_TOMCAT6_ON_SL6_X.NASL", "SL_20161010_TOMCAT_ON_SL7_X.NASL", "SL_20161103_TOMCAT_ON_SL7_X.NASL", "SL_20161116_NSS_AND_NSS_UTIL_ON_SL5_X.NASL", "SL_20170120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20170213_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20170220_OPENSSL_ON_SL6_X.NASL", "SL_20170720_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20170807_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20170817_GROOVY_ON_SL7_X.NASL", "SL_20171030_TOMCAT6_ON_SL6_X.NASL", "SL_20171030_TOMCAT_ON_SL7_X.NASL", "SL_20171206_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180703_PYTHON_ON_SL7_X.NASL", "SL_20180816_MARIADB_ON_SL7_X.NASL", "SMB_KB3009008.NASL", "SOLARIS10_124393-12.NASL", "SOLARIS10_124393-13.NASL", "SOLARIS10_124393.NASL", "SOLARIS10_142824-24.NASL", "SOLARIS10_142824-29.NASL", "SOLARIS10_147673-11.NASL", "SOLARIS10_147673.NASL", "SOLARIS10_148071.NASL", "SOLARIS10_150383.NASL", "SOLARIS10_150400-50.NASL", "SOLARIS10_150400-51.NASL", "SOLARIS10_150400-52.NASL", "SOLARIS10_150400-53.NASL", "SOLARIS10_152260-02.NASL", "SOLARIS10_X86_124394-12.NASL", "SOLARIS10_X86_124394-13.NASL", "SOLARIS10_X86_124394.NASL", "SOLARIS10_X86_147674-11.NASL", "SOLARIS10_X86_147674.NASL", "SOLARIS10_X86_148072.NASL", "SOLARIS10_X86_150401-50.NASL", "SOLARIS10_X86_150401-51.NASL", "SOLARIS10_X86_150401-52.NASL", "SOLARIS10_X86_150401-53.NASL", "SOLARIS10_X86_152261-02.NASL", "SOLARIS11_OPENSSL_20141014.NASL", "SOLARIS11_OPENSSL_20141104.NASL", "SOLARIS11_WANBOOT_20141014.NASL", "SOLARIS_JUL2017_SRU11_3_0_0_0.NASL", "SOLARIS_JUL2017_SRU11_3_20_6_0.NASL", "SOLARIS_JUL2017_SRU11_3_21_5_0.NASL", "SOLARIS_JUL2017_SRU11_3_22_3_0.NASL", "SOLARIS_JUL2017_SRU11_3_2_4_0.NASL", "SOLARIS_JUL2017_SRU11_3_9_4_0.NASL", "SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASL", "SOLARWINDS_SRM_PROFILER_6_2_3.NASL", "SPLUNK_5011.NASL", "SPLUNK_605.NASL", "SPLUNK_607.NASL", "SPLUNK_618.NASL", "SPLUNK_625.NASL", "SPLUNK_642.NASL", "SSL_64BITBLOCK_SUPPORTED_CIPHERS.NASL", "SSL_MEDIUM_SUPPORTED_CIPHERS.NASL", "SSL_POODLE.NASL", "STRUTS_2_3_29_REST_RCE.NASL", "STRUTS_2_3_29_WIN_LOCAL.NASL", "STRUTS_2_5_10_1_RCE.NASL", "STRUTS_2_5_10_1_WIN_LOCAL.NASL", "STRUTS_2_5_13_S2041.NASL", "STUNNEL_5_02.NASL", "STUNNEL_5_06.NASL", "STUNNEL_5_12.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_11_COMPAT-OPENSSL097G-141202.NASL", "SUSE_11_COMPAT-OPENSSL097G-150317.NASL", "SUSE_11_EVOLUTION-DATA-SERVER-141114.NASL", "SUSE_11_GLIBC-150122.NASL", "SUSE_11_JAVA-1_6_0-IBM-141119.NASL", "SUSE_11_JAVA-1_7_0-IBM-141121.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-150206.NASL", "SUSE_11_LIBMYSQL55CLIENT18-150302.NASL", "SUSE_11_LIBOPENSSL-DEVEL-140604.NASL", "SUSE_11_LIBOPENSSL-DEVEL-141024.NASL", "SUSE_11_LIBOPENSSL-DEVEL-150112.NASL", "SUSE_11_LIBOPENSSL-DEVEL-150317.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_11_PYTHON-201403-140331.NASL", "SUSE_11_SUSEREGISTER-141121.NASL", "SUSE_GLIBC-9035.NASL", "SUSE_SU-2014-1387-1.NASL", "SUSE_SU-2014-1512-1.NASL", "SUSE_SU-2014-1524-1.NASL", "SUSE_SU-2014-1541-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2015-0541-1.NASL", "SUSE_SU-2015-0553-1.NASL", "SUSE_SU-2015-0743-1.NASL", "SUSE_SU-2015-0946-1.NASL", "SUSE_SU-2015-1143-1.NASL", "SUSE_SU-2015-1150-1.NASL", "SUSE_SU-2015-1181-2.NASL", "SUSE_SU-2015-1182-2.NASL", "SUSE_SU-2015-1183-2.NASL", "SUSE_SU-2015-1184-1.NASL", "SUSE_SU-2015-1184-2.NASL", "SUSE_SU-2015-2230-1.NASL", "SUSE_SU-2015-2237-1.NASL", "SUSE_SU-2015-2251-1.NASL", "SUSE_SU-2015-2275-1.NASL", "SUSE_SU-2015-2303-1.NASL", "SUSE_SU-2015-2342-1.NASL", "SUSE_SU-2016-0617-1.NASL", "SUSE_SU-2016-0620-1.NASL", "SUSE_SU-2016-0624-1.NASL", "SUSE_SU-2016-0631-1.NASL", "SUSE_SU-2016-0641-1.NASL", "SUSE_SU-2016-0678-1.NASL", "SUSE_SU-2016-0727-1.NASL", "SUSE_SU-2016-0777-1.NASL", "SUSE_SU-2016-0820-1.NASL", "SUSE_SU-2016-0909-1.NASL", "SUSE_SU-2016-1228-1.NASL", "SUSE_SU-2016-1233-1.NASL", "SUSE_SU-2016-1267-1.NASL", "SUSE_SU-2016-1290-1.NASL", "SUSE_SU-2016-1360-1.NASL", "SUSE_SU-2016-1457-1.NASL", "SUSE_SU-2016-1691-1.NASL", "SUSE_SU-2016-1799-1.NASL", "SUSE_SU-2016-2061-1.NASL", "SUSE_SU-2016-2090-1.NASL", "SUSE_SU-2016-2246-1.NASL", "SUSE_SU-2016-2263-1.NASL", "SUSE_SU-2016-2285-1.NASL", "SUSE_SU-2016-2329-1.NASL", "SUSE_SU-2016-2387-1.NASL", "SUSE_SU-2016-2394-1.NASL", "SUSE_SU-2016-2396-1.NASL", "SUSE_SU-2016-2458-1.NASL", "SUSE_SU-2016-2468-1.NASL", "SUSE_SU-2016-2470-1.NASL", "SUSE_SU-2016-2941-1.NASL", "SUSE_SU-2017-0346-1.NASL", "SUSE_SU-2017-0431-1.NASL", "SUSE_SU-2017-0441-1.NASL", "SUSE_SU-2017-0460-1.NASL", "SUSE_SU-2017-0461-1.NASL", "SUSE_SU-2017-0490-1.NASL", "SUSE_SU-2017-0585-1.NASL", "SUSE_SU-2017-0605-1.NASL", "SUSE_SU-2017-0716-1.NASL", "SUSE_SU-2017-0719-1.NASL", "SUSE_SU-2017-0720-1.NASL", "SUSE_SU-2017-0726-1.NASL", "SUSE_SU-2017-0839-1.NASL", "SUSE_SU-2017-0855-1.NASL", "SUSE_SU-2017-1175-1.NASL", "SUSE_SU-2017-1248-1.NASL", "SUSE_SU-2017-1389-1.NASL", "SUSE_SU-2017-1444-1.NASL", "SUSE_SU-2017-2175-1.NASL", "SUSE_SU-2017-2263-1.NASL", "SUSE_SU-2017-2280-1.NASL", "SUSE_SU-2017-2281-1.NASL", "SUSE_SU-2017-2290-1.NASL", "SUSE_SU-2017-2921-1.NASL", "SUSE_SU-2017-3343-1.NASL", "SUSE_SU-2018-0005-1.NASL", "SUSE_SU-2018-0079-1.NASL", "SUSE_SU-2018-0112-1.NASL", "SUSE_SU-2018-2839-1.NASL", "SUSE_SU-2018-2839-2.NASL", "SUSE_SU-2018-3082-1.NASL", "SUSE_SU-2020-0234-1.NASL", "SYMANTEC_CONTENT_ANALYSIS_SYMSA1419.NASL", "TENABLE_OT_SIEMENS_CVE-2014-0224.NASL", "TOMCAT_6_0_24.NASL", "TOMCAT_6_0_43.NASL", "TOMCAT_6_0_44.NASL", "TOMCAT_7_0_55.NASL", "TOMCAT_7_0_57.NASL", "TOMCAT_7_0_60.NASL", "TOMCAT_7_0_70.NASL", "TOMCAT_8_0_11.NASL", "TOMCAT_8_0_15.NASL", "TOMCAT_8_0_21.NASL", "TOMCAT_8_0_43.NASL", "TOMCAT_8_5_13.NASL", "UBUNTU_USN-2125-1.NASL", "UBUNTU_USN-2232-1.NASL", "UBUNTU_USN-2232-2.NASL", "UBUNTU_USN-2232-3.NASL", "UBUNTU_USN-2232-4.NASL", "UBUNTU_USN-2459-1.NASL", "UBUNTU_USN-2485-1.NASL", "UBUNTU_USN-2486-1.NASL", "UBUNTU_USN-2487-1.NASL", "UBUNTU_USN-2537-1.NASL", "UBUNTU_USN-2551-1.NASL", "UBUNTU_USN-2639-1.NASL", "UBUNTU_USN-2830-1.NASL", "UBUNTU_USN-2878-1.NASL", "UBUNTU_USN-2916-1.NASL", "UBUNTU_USN-2917-1.NASL", "UBUNTU_USN-2917-2.NASL", "UBUNTU_USN-2917-3.NASL", "UBUNTU_USN-2924-1.NASL", "UBUNTU_USN-2934-1.NASL", "UBUNTU_USN-2959-1.NASL", "UBUNTU_USN-2973-1.NASL", "UBUNTU_USN-2993-1.NASL", "UBUNTU_USN-3024-1.NASL", "UBUNTU_USN-3027-1.NASL", "UBUNTU_USN-3029-1.NASL", "UBUNTU_USN-3038-1.NASL", "UBUNTU_USN-3045-1.NASL", "UBUNTU_USN-3087-1.NASL", "UBUNTU_USN-3087-2.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-3177-2.NASL", "UBUNTU_USN-3179-1.NASL", "UBUNTU_USN-3181-1.NASL", "UBUNTU_USN-3194-1.NASL", "UBUNTU_USN-3198-1.NASL", "UBUNTU_USN-3270-1.NASL", "UBUNTU_USN-3278-1.NASL", "UBUNTU_USN-3357-1.NASL", "UBUNTU_USN-3366-1.NASL", "UBUNTU_USN-3366-2.NASL", "UBUNTU_USN-3396-1.NASL", "UBUNTU_USN-3519-1.NASL", "UBUNTU_USN-3727-1.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-LINUX.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-VAPP.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-WIN.NASL", "VIRTUALBOX_5_0_18.NASL", "VIRTUALBOX_5_0_22.NASL", "VIRTUALBOX_5_1_24.NASL", "VIRTUALBOX_5_1_8.NASL", "VIRTUOZZO_VZLSA-2017-0180.NASL", "VIRTUOZZO_VZLSA-2017-0269.NASL", "VIRTUOZZO_VZLSA-2017-0286.NASL", "VIRTUOZZO_VZLSA-2017-1789.NASL", "VIRTUOZZO_VZLSA-2017-2424.NASL", "VIRTUOZZO_VZLSA-2017-3080.NASL", "VIRTUOZZO_VZLSA-2017-3392.NASL", "VMWARE_ESXI_5_0_BUILD_1918656_REMOTE.NASL", "VMWARE_ESXI_5_1_BUILD_1900470_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "VMWARE_ESXI_5_5_BUILD_2352327_REMOTE.NASL", "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL", "VMWARE_HORIZON_VIEW_CLIENT_VMSA_2014_0006.NASL", "VMWARE_HORIZON_VIEW_VMSA-2014-0006.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_OVFTOOL_VMSA_2014-0006.NASL", "VMWARE_PLAYER_LINUX_6_0_3.NASL", "VMWARE_PLAYER_MULTIPLE_VMSA_2014-0006.NASL", "VMWARE_VCENTER_CHARGEBACK_MANAGER_2601.NASL", "VMWARE_VCENTER_CHARGEBACK_MANAGER_VMSA_2015_0003.NASL", "VMWARE_VCENTER_CONVERTER_2014-0006.NASL", "VMWARE_VCENTER_OPERATIONS_MANAGER_VMSA_2014-0006.NASL", "VMWARE_VCENTER_SERVER_APPLIANCE_2014-0006.NASL", "VMWARE_VCENTER_SUPPORT_ASSISTANT_2014-0006.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0006.NASL", "VMWARE_VCENTER_VMSA-2014-0006.NASL", "VMWARE_VCENTER_VMSA-2015-0001.NASL", "VMWARE_VCENTER_VMSA-2015-0003.NASL", "VMWARE_VMSA-2014-0006.NASL", "VMWARE_VMSA-2014-0006_REMOTE.NASL", "VMWARE_VMSA-2015-0001.NASL", "VMWARE_VSPHERE_REPLICATION_VMSA_2014_0006.NASL", "VMWARE_WORKSPACE_PORTAL_VMSA2015-0003.NASL", "VMWARE_WORKSTATION_LINUX_10_0_3.NASL", "VMWARE_WORKSTATION_MULTIPLE_VMSA_2014_0006.NASL", "VSPHERE_CLIENT_VMSA_2014-0006.NASL", "WEBSPHERE_544293.NASL", "WEBSPHERE_547999.NASL", "WEBSPHERE_711865.NASL", "WEBSPHERE_7_0_0_37.NASL", "WEBSPHERE_8_0_0_10.NASL", "WEBSPHERE_8_5_5_4.NASL", "WEBSPHERE_8_5_5_7.NASL", "WEB_APPLICATION_SCANNING_112304", "WEB_APPLICATION_SCANNING_112312", "WEB_APPLICATION_SCANNING_112726", "WEB_APPLICATION_SCANNING_98814", "WEB_APPLICATION_SCANNING_98829", "WEB_APPLICATION_SCANNING_98855", "WEB_APPLICATION_SCANNING_98910", "WINSCP_5_5_4.NASL", "WMI_INTEL-SA-00075.NBIN", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15AJ.NASL", "XEROX_XRX15AM.NASL", "XEROX_XRX15AO_COLORQUBE.NASL", "XEROX_XRX15R.NASL"]}, {"type": "nmap", "idList": ["NMAP:HTTP-VULN-CVE2017-5638.NSE", "NMAP:HTTP-VULN-CVE2017-5689.NSE", "NMAP:SSL-CCS-INJECTION.NSE", "NMAP:SSL-POODLE.NSE", "NMAP:SSLV2-DROWN.NSE"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-0224", "OPENSSL:CVE-2014-3571", "OPENSSL:CVE-2015-0286", "OPENSSL:CVE-2015-1788", "OPENSSL:CVE-2015-1789", "OPENSSL:CVE-2015-1790", "OPENSSL:CVE-2015-1791", "OPENSSL:CVE-2015-1792", "OPENSSL:CVE-2015-3195", "OPENSSL:CVE-2015-3197", "OPENSSL:CVE-2016-0800", "OPENSSL:CVE-2016-2105", "OPENSSL:CVE-2016-2106", "OPENSSL:CVE-2016-2107", "OPENSSL:CVE-2016-2108", "OPENSSL:CVE-2016-2109", "OPENSSL:CVE-2016-2177", "OPENSSL:CVE-2016-2178", "OPENSSL:CVE-2016-2179", "OPENSSL:CVE-2016-2180", "OPENSSL:CVE-2016-2181", "OPENSSL:CVE-2016-2182", "OPENSSL:CVE-2016-2183", "OPENSSL:CVE-2016-6302", "OPENSSL:CVE-2016-6303", "OPENSSL:CVE-2016-6304", "OPENSSL:CVE-2016-6305", "OPENSSL:CVE-2016-6306", "OPENSSL:CVE-2016-6307", "OPENSSL:CVE-2016-6308", "OPENSSL:CVE-2016-6309", "OPENSSL:CVE-2016-7052", "OPENSSL:CVE-2016-7055", "OPENSSL:CVE-2017-3731", "OPENSSL:CVE-2017-3732", "OPENSSL:CVE-2017-3738"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105042", "OPENVAS:1361412562310105043", "OPENVAS:1361412562310105044", "OPENVAS:1361412562310105045", "OPENVAS:1361412562310105056", "OPENVAS:1361412562310105057", "OPENVAS:1361412562310105129", "OPENVAS:1361412562310105130", "OPENVAS:1361412562310105158", "OPENVAS:1361412562310105188", "OPENVAS:1361412562310105190", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310105192", "OPENVAS:1361412562310105202", "OPENVAS:1361412562310105203", "OPENVAS:1361412562310105209", "OPENVAS:1361412562310105249", "OPENVAS:1361412562310105264", "OPENVAS:1361412562310105308", "OPENVAS:1361412562310105363", "OPENVAS:1361412562310105364", "OPENVAS:1361412562310105365", "OPENVAS:1361412562310105369", "OPENVAS:1361412562310105413", "OPENVAS:1361412562310105605", "OPENVAS:1361412562310105678", "OPENVAS:1361412562310105679", "OPENVAS:1361412562310105692", "OPENVAS:1361412562310105732", "OPENVAS:1361412562310105798", "OPENVAS:1361412562310105828", "OPENVAS:1361412562310105946", "OPENVAS:1361412562310105950", "OPENVAS:1361412562310106048", "OPENVAS:1361412562310106049", "OPENVAS:1361412562310106262", "OPENVAS:1361412562310106267", "OPENVAS:1361412562310106284", "OPENVAS:1361412562310106285", "OPENVAS:1361412562310106286", "OPENVAS:1361412562310106353", "OPENVAS:1361412562310106355", "OPENVAS:1361412562310106356", "OPENVAS:1361412562310106390", "OPENVAS:1361412562310106426", "OPENVAS:1361412562310106428", "OPENVAS:1361412562310106460", "OPENVAS:1361412562310106510", "OPENVAS:1361412562310106609", "OPENVAS:1361412562310106619", "OPENVAS:1361412562310106640", "OPENVAS:1361412562310106641", "OPENVAS:1361412562310106646", "OPENVAS:1361412562310106647", "OPENVAS:1361412562310106652", "OPENVAS:1361412562310106653", "OPENVAS:1361412562310106736", "OPENVAS:1361412562310106828", "OPENVAS:1361412562310106949", "OPENVAS:1361412562310107015", "OPENVAS:1361412562310107016", "OPENVAS:1361412562310107048", "OPENVAS:1361412562310107049", "OPENVAS:1361412562310107050", "OPENVAS:1361412562310107051", "OPENVAS:1361412562310107052", "OPENVAS:1361412562310107053", "OPENVAS:1361412562310107054", "OPENVAS:1361412562310107055", "OPENVAS:1361412562310107056", "OPENVAS:1361412562310107057", "OPENVAS:1361412562310107141", "OPENVAS:1361412562310108031", "OPENVAS:1361412562310108372", "OPENVAS:1361412562310108375", "OPENVAS:1361412562310108376", "OPENVAS:1361412562310108377", "OPENVAS:1361412562310108771", "OPENVAS:1361412562310108772", "OPENVAS:1361412562310108773", "OPENVAS:1361412562310111012", "OPENVAS:1361412562310120000", "OPENVAS:1361412562310120033", "OPENVAS:1361412562310120153", "OPENVAS:1361412562310120154", "OPENVAS:1361412562310120164", "OPENVAS:1361412562310120167", "OPENVAS:1361412562310120170", "OPENVAS:1361412562310120188", "OPENVAS:1361412562310120189", "OPENVAS:1361412562310120286", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120288", "OPENVAS:1361412562310120310", "OPENVAS:1361412562310120311", "OPENVAS:1361412562310120324", "OPENVAS:1361412562310120456", "OPENVAS:1361412562310120468", "OPENVAS:1361412562310120604", "OPENVAS:1361412562310120608", "OPENVAS:1361412562310120651", "OPENVAS:1361412562310120657", "OPENVAS:1361412562310120672", "OPENVAS:1361412562310120684", "OPENVAS:1361412562310120691", "OPENVAS:1361412562310120711", "OPENVAS:1361412562310120714", "OPENVAS:1361412562310120717", "OPENVAS:1361412562310120720", "OPENVAS:1361412562310120725", "OPENVAS:1361412562310120738", "OPENVAS:1361412562310120744", "OPENVAS:1361412562310121244", "OPENVAS:1361412562310121285", "OPENVAS:1361412562310121358", "OPENVAS:1361412562310121364", "OPENVAS:1361412562310121365", "OPENVAS:1361412562310121379", "OPENVAS:1361412562310121395", "OPENVAS:1361412562310121439", "OPENVAS:1361412562310122791", "OPENVAS:1361412562310122792", "OPENVAS:1361412562310122803", "OPENVAS:1361412562310122804", "OPENVAS:1361412562310122870", "OPENVAS:1361412562310122888", "OPENVAS:1361412562310122889", "OPENVAS:1361412562310122890", "OPENVAS:1361412562310122895", "OPENVAS:1361412562310122897", "OPENVAS:1361412562310122898", "OPENVAS:1361412562310122919", "OPENVAS:1361412562310122924", "OPENVAS:1361412562310122932", "OPENVAS:1361412562310122933", "OPENVAS:1361412562310123017", "OPENVAS:1361412562310123066", "OPENVAS:1361412562310123086", "OPENVAS:1361412562310123099", "OPENVAS:1361412562310123140", "OPENVAS:1361412562310123153", "OPENVAS:1361412562310123154", "OPENVAS:1361412562310123178", "OPENVAS:1361412562310123196", "OPENVAS:1361412562310123197", "OPENVAS:1361412562310123198", "OPENVAS:1361412562310123200", "OPENVAS:1361412562310123201", "OPENVAS:1361412562310123202", "OPENVAS:1361412562310123203", "OPENVAS:1361412562310123278", "OPENVAS:1361412562310123365", "OPENVAS:1361412562310123368", "OPENVAS:1361412562310123401", "OPENVAS:1361412562310123402", "OPENVAS:1361412562310123403", "OPENVAS:1361412562310130082", "OPENVAS:1361412562310131144", "OPENVAS:1361412562310131170", "OPENVAS:1361412562310131177", "OPENVAS:1361412562310131192", "OPENVAS:1361412562310131222", "OPENVAS:1361412562310131255", "OPENVAS:1361412562310131260", "OPENVAS:1361412562310131269", "OPENVAS:1361412562310131285", "OPENVAS:1361412562310140019", "OPENVAS:1361412562310140020", "OPENVAS:1361412562310140037", "OPENVAS:1361412562310140047", "OPENVAS:1361412562310140048", "OPENVAS:1361412562310140168", "OPENVAS:1361412562310140180", "OPENVAS:1361412562310140190", "OPENVAS:1361412562310140192", "OPENVAS:1361412562310140229", "OPENVAS:1361412562310141398", "OPENVAS:1361412562310141826", "OPENVAS:1361412562310143949", "OPENVAS:1361412562310143972", "OPENVAS:1361412562310702880", "OPENVAS:1361412562310702950", "OPENVAS:1361412562310703053", "OPENVAS:1361412562310703125", "OPENVAS:1361412562310703142", "OPENVAS:1361412562310703144", "OPENVAS:1361412562310703147", "OPENVAS:1361412562310703197", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703287", "OPENVAS:1361412562310703413", "OPENVAS:1361412562310703417", "OPENVAS:1361412562310703441", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310703501", "OPENVAS:1361412562310703510", "OPENVAS:1361412562310703520", "OPENVAS:1361412562310703524", "OPENVAS:1361412562310703566", "OPENVAS:1361412562310703576", "OPENVAS:1361412562310703609", "OPENVAS:1361412562310703611", "OPENVAS:1361412562310703614", "OPENVAS:1361412562310703623", "OPENVAS:1361412562310703631", "OPENVAS:1361412562310703673", "OPENVAS:1361412562310703688", "OPENVAS:1361412562310703773", "OPENVAS:1361412562310703842", "OPENVAS:1361412562310703843", "OPENVAS:1361412562310703919", "OPENVAS:1361412562310703922", "OPENVAS:1361412562310703944", "OPENVAS:1361412562310703954", "OPENVAS:1361412562310703955", "OPENVAS:1361412562310704005", "OPENVAS:136141256231071483", "OPENVAS:1361412562310802087", "OPENVAS:1361412562310804322", "OPENVAS:1361412562310805676", "OPENVAS:1361412562310806125", "OPENVAS:1361412562310806126", "OPENVAS:1361412562310806655", "OPENVAS:1361412562310806656", "OPENVAS:1361412562310806675", "OPENVAS:1361412562310806676", "OPENVAS:1361412562310806693", "OPENVAS:1361412562310806731", "OPENVAS:1361412562310806733", "OPENVAS:1361412562310806744", "OPENVAS:1361412562310806745", "OPENVAS:1361412562310806746", "OPENVAS:1361412562310806747", "OPENVAS:1361412562310806913", "OPENVAS:1361412562310806966", "OPENVAS:1361412562310806988", "OPENVAS:1361412562310806991", "OPENVAS:1361412562310806992", "OPENVAS:1361412562310807034", "OPENVAS:1361412562310807047", "OPENVAS:1361412562310807218", "OPENVAS:1361412562310807228", "OPENVAS:1361412562310807351", "OPENVAS:1361412562310807461", "OPENVAS:1361412562310807497", "OPENVAS:1361412562310807520", "OPENVAS:1361412562310807521", "OPENVAS:1361412562310807522", "OPENVAS:1361412562310807523", "OPENVAS:1361412562310807569", "OPENVAS:1361412562310807570", "OPENVAS:1361412562310807598", "OPENVAS:1361412562310807627", "OPENVAS:1361412562310807628", "OPENVAS:1361412562310807809", "OPENVAS:1361412562310807812", "OPENVAS:1361412562310807813", "OPENVAS:1361412562310807816", "OPENVAS:1361412562310807817", "OPENVAS:1361412562310807997", "OPENVAS:1361412562310808016", "OPENVAS:1361412562310808029", "OPENVAS:1361412562310808155", "OPENVAS:1361412562310808156", "OPENVAS:1361412562310808197", "OPENVAS:1361412562310808272", "OPENVAS:1361412562310808374", "OPENVAS:1361412562310808407", "OPENVAS:1361412562310808523", "OPENVAS:1361412562310808530", "OPENVAS:1361412562310808536", "OPENVAS:1361412562310808537", "OPENVAS:1361412562310808538", "OPENVAS:1361412562310808590", "OPENVAS:1361412562310808596", "OPENVAS:1361412562310808618", "OPENVAS:1361412562310808627", "OPENVAS:1361412562310808628", "OPENVAS:1361412562310808629", "OPENVAS:1361412562310808631", "OPENVAS:1361412562310808632", "OPENVAS:1361412562310808693", "OPENVAS:1361412562310808694", "OPENVAS:1361412562310808695", "OPENVAS:1361412562310808696", "OPENVAS:1361412562310808703", "OPENVAS:1361412562310808719", "OPENVAS:1361412562310808721", "OPENVAS:1361412562310808723", "OPENVAS:1361412562310808725", "OPENVAS:1361412562310808726", "OPENVAS:1361412562310808728", "OPENVAS:1361412562310808733", "OPENVAS:1361412562310808738", "OPENVAS:1361412562310808757", "OPENVAS:1361412562310808758", "OPENVAS:1361412562310808829", "OPENVAS:1361412562310808839", "OPENVAS:1361412562310809055", "OPENVAS:1361412562310809062", "OPENVAS:1361412562310809075", "OPENVAS:1361412562310809076", "OPENVAS:1361412562310809077", "OPENVAS:1361412562310809211", "OPENVAS:1361412562310809213", "OPENVAS:1361412562310809376", "OPENVAS:1361412562310809377", "OPENVAS:1361412562310809417", "OPENVAS:1361412562310809474", "OPENVAS:1361412562310809475", "OPENVAS:1361412562310809476", "OPENVAS:1361412562310809477", "OPENVAS:1361412562310809478", "OPENVAS:1361412562310809709", "OPENVAS:1361412562310809782", "OPENVAS:1361412562310809955", "OPENVAS:1361412562310810182", "OPENVAS:1361412562310810184", "OPENVAS:1361412562310810227", "OPENVAS:1361412562310810232", "OPENVAS:1361412562310810233", "OPENVAS:1361412562310810542", "OPENVAS:1361412562310810543", "OPENVAS:1361412562310810544", "OPENVAS:1361412562310810567", "OPENVAS:1361412562310810728", "OPENVAS:1361412562310810747", "OPENVAS:1361412562310810748", "OPENVAS:1361412562310810762", "OPENVAS:1361412562310810763", "OPENVAS:1361412562310810766", "OPENVAS:1361412562310810767", "OPENVAS:1361412562310810996", "OPENVAS:1361412562310810997", "OPENVAS:1361412562310811241", "OPENVAS:1361412562310811242", "OPENVAS:1361412562310811243", "OPENVAS:1361412562310811244", "OPENVAS:1361412562310811245", "OPENVAS:1361412562310811246", "OPENVAS:1361412562310811247", "OPENVAS:1361412562310811248", "OPENVAS:1361412562310811249", "OPENVAS:1361412562310811250", "OPENVAS:1361412562310811405", "OPENVAS:1361412562310811430", "OPENVAS:1361412562310811431", "OPENVAS:1361412562310811432", "OPENVAS:1361412562310811433", "OPENVAS:1361412562310811434", "OPENVAS:1361412562310811435", "OPENVAS:1361412562310811436", "OPENVAS:1361412562310811437", "OPENVAS:1361412562310811438", "OPENVAS:1361412562310811439", "OPENVAS:1361412562310811440", "OPENVAS:1361412562310811441", "OPENVAS:1361412562310811529", "OPENVAS:1361412562310811530", "OPENVAS:1361412562310811531", "OPENVAS:1361412562310811532", "OPENVAS:1361412562310811871", "OPENVAS:1361412562310811960", "OPENVAS:1361412562310811989", "OPENVAS:1361412562310811990", "OPENVAS:1361412562310812057", "OPENVAS:1361412562310812058", "OPENVAS:1361412562310812340", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310813191", "OPENVAS:1361412562310841733", "OPENVAS:1361412562310841843", "OPENVAS:1361412562310841854", "OPENVAS:1361412562310841867", "OPENVAS:1361412562310841933", "OPENVAS:1361412562310842062", "OPENVAS:1361412562310842076", "OPENVAS:1361412562310842077", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842136", "OPENVAS:1361412562310842149", "OPENVAS:1361412562310842242", "OPENVAS:1361412562310842552", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310842615", "OPENVAS:1361412562310842672", "OPENVAS:1361412562310842678", "OPENVAS:1361412562310842681", "OPENVAS:1361412562310842718", "OPENVAS:1361412562310842723", "OPENVAS:1361412562310842729", "OPENVAS:1361412562310842769", "OPENVAS:1361412562310842785", "OPENVAS:1361412562310842823", "OPENVAS:1361412562310842824", "OPENVAS:1361412562310842825", "OPENVAS:1361412562310842839", "OPENVAS:1361412562310842844", "OPENVAS:1361412562310842896", "OPENVAS:1361412562310842898", "OPENVAS:1361412562310843024", "OPENVAS:1361412562310843026", "OPENVAS:1361412562310843029", "OPENVAS:1361412562310843035", "OPENVAS:1361412562310843048", "OPENVAS:1361412562310843052", "OPENVAS:1361412562310843145", "OPENVAS:1361412562310843171", "OPENVAS:1361412562310843246", "OPENVAS:1361412562310843258", "OPENVAS:1361412562310843265", "OPENVAS:1361412562310843292", "OPENVAS:1361412562310843407", "OPENVAS:1361412562310843603", "OPENVAS:1361412562310850590", "OPENVAS:1361412562310850591", "OPENVAS:1361412562310850621", "OPENVAS:1361412562310850630", "OPENVAS:1361412562310850633", "OPENVAS:1361412562310850661", "OPENVAS:1361412562310850671", "OPENVAS:1361412562310850678", "OPENVAS:1361412562310850749", "OPENVAS:1361412562310850751", "OPENVAS:1361412562310850760", "OPENVAS:1361412562310850771", "OPENVAS:1361412562310850791", "OPENVAS:1361412562310850800", "OPENVAS:1361412562310850827", "OPENVAS:1361412562310850839", "OPENVAS:1361412562310850844", "OPENVAS:1361412562310850849", "OPENVAS:1361412562310850875", "OPENVAS:1361412562310850877", "OPENVAS:1361412562310850889", "OPENVAS:1361412562310850905", "OPENVAS:1361412562310850910", "OPENVAS:1361412562310850914", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310850960", "OPENVAS:1361412562310850964", "OPENVAS:1361412562310850981", "OPENVAS:1361412562310850983", "OPENVAS:1361412562310851044", "OPENVAS:1361412562310851077", "OPENVAS:1361412562310851127", "OPENVAS:1361412562310851141", "OPENVAS:1361412562310851219", "OPENVAS:1361412562310851221", "OPENVAS:1361412562310851222", "OPENVAS:1361412562310851223", "OPENVAS:1361412562310851224", "OPENVAS:1361412562310851228", "OPENVAS:1361412562310851229", "OPENVAS:1361412562310851230", "OPENVAS:1361412562310851234", "OPENVAS:1361412562310851289", "OPENVAS:1361412562310851295", "OPENVAS:1361412562310851296", "OPENVAS:1361412562310851297", "OPENVAS:1361412562310851298", "OPENVAS:1361412562310851299", "OPENVAS:1361412562310851308", "OPENVAS:1361412562310851309", "OPENVAS:1361412562310851323", "OPENVAS:1361412562310851333", "OPENVAS:1361412562310851334", "OPENVAS:1361412562310851337", "OPENVAS:1361412562310851359", "OPENVAS:1361412562310851397", "OPENVAS:1361412562310851399", "OPENVAS:1361412562310851406", "OPENVAS:1361412562310851412", "OPENVAS:1361412562310851430", "OPENVAS:1361412562310851485", "OPENVAS:1361412562310851494", "OPENVAS:1361412562310851505", "OPENVAS:1361412562310851553", "OPENVAS:1361412562310851633", "OPENVAS:1361412562310851665", "OPENVAS:1361412562310851679", "OPENVAS:1361412562310851703", "OPENVAS:1361412562310867505", "OPENVAS:1361412562310867510", "OPENVAS:1361412562310867850", "OPENVAS:1361412562310867851", "OPENVAS:1361412562310868079", "OPENVAS:1361412562310868082", "OPENVAS:1361412562310868415", "OPENVAS:1361412562310868417", "OPENVAS:1361412562310868453", "OPENVAS:1361412562310868454", "OPENVAS:1361412562310868455", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868467", "OPENVAS:1361412562310868468", "OPENVAS:1361412562310868471", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310868597", "OPENVAS:1361412562310868600", "OPENVAS:1361412562310868601", "OPENVAS:1361412562310868604", "OPENVAS:1361412562310868693", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868711", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310868770", "OPENVAS:1361412562310868824", "OPENVAS:1361412562310868855", "OPENVAS:1361412562310868921", "OPENVAS:1361412562310868936", "OPENVAS:1361412562310869039", "OPENVAS:1361412562310869045", "OPENVAS:1361412562310869053", "OPENVAS:1361412562310869084", "OPENVAS:1361412562310869117", "OPENVAS:1361412562310869125", "OPENVAS:1361412562310869342", "OPENVAS:1361412562310869465", "OPENVAS:1361412562310869605", "OPENVAS:1361412562310869719", "OPENVAS:1361412562310869732", "OPENVAS:1361412562310869740", "OPENVAS:1361412562310869742", "OPENVAS:1361412562310869959", "OPENVAS:1361412562310871172", "OPENVAS:1361412562310871174", "OPENVAS:1361412562310871176", "OPENVAS:1361412562310871183", "OPENVAS:1361412562310871188", "OPENVAS:1361412562310871274", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871297", "OPENVAS:1361412562310871300", "OPENVAS:1361412562310871303", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310871307", "OPENVAS:1361412562310871308", "OPENVAS:1361412562310871339", "OPENVAS:1361412562310871340", "OPENVAS:1361412562310871376", "OPENVAS:1361412562310871385", "OPENVAS:1361412562310871404", "OPENVAS:1361412562310871440", "OPENVAS:1361412562310871511", "OPENVAS:1361412562310871512", "OPENVAS:1361412562310871520", "OPENVAS:1361412562310871521", "OPENVAS:1361412562310871529", "OPENVAS:1361412562310871563", "OPENVAS:1361412562310871564", "OPENVAS:1361412562310871567", "OPENVAS:1361412562310871569", "OPENVAS:1361412562310871570", "OPENVAS:1361412562310871592", "OPENVAS:1361412562310871602", "OPENVAS:1361412562310871603", "OPENVAS:1361412562310871610", "OPENVAS:1361412562310871614", "OPENVAS:1361412562310871625", "OPENVAS:1361412562310871637", "OPENVAS:1361412562310871638", "OPENVAS:1361412562310871649", "OPENVAS:1361412562310871650", "OPENVAS:1361412562310871663", "OPENVAS:1361412562310871669", "OPENVAS:1361412562310871670", "OPENVAS:1361412562310871701", "OPENVAS:1361412562310871718", "OPENVAS:1361412562310871749", "OPENVAS:1361412562310871758", "OPENVAS:1361412562310871760", "OPENVAS:1361412562310871845", "OPENVAS:1361412562310871876", "OPENVAS:1361412562310871961", "OPENVAS:1361412562310871971", "OPENVAS:1361412562310871989", "OPENVAS:1361412562310872286", "OPENVAS:1361412562310872299", "OPENVAS:1361412562310872342", "OPENVAS:1361412562310872359", "OPENVAS:1361412562310872623", "OPENVAS:1361412562310872624", "OPENVAS:1361412562310873242", "OPENVAS:1361412562310873246", "OPENVAS:1361412562310873283", "OPENVAS:1361412562310873286", "OPENVAS:1361412562310873323", "OPENVAS:1361412562310873333", "OPENVAS:1361412562310874410", "OPENVAS:1361412562310881939", "OPENVAS:1361412562310881943", "OPENVAS:1361412562310881944", "OPENVAS:1361412562310881946", "OPENVAS:1361412562310882062", "OPENVAS:1361412562310882063", "OPENVAS:1361412562310882089", "OPENVAS:1361412562310882094", "OPENVAS:1361412562310882095", "OPENVAS:1361412562310882097", "OPENVAS:1361412562310882098", "OPENVAS:1361412562310882101", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882105", "OPENVAS:1361412562310882106", "OPENVAS:1361412562310882107", "OPENVAS:1361412562310882108", "OPENVAS:1361412562310882109", "OPENVAS:1361412562310882132", "OPENVAS:1361412562310882147", "OPENVAS:1361412562310882198", "OPENVAS:1361412562310882199", "OPENVAS:1361412562310882215", "OPENVAS:1361412562310882269", "OPENVAS:1361412562310882270", "OPENVAS:1361412562310882333", "OPENVAS:1361412562310882337", "OPENVAS:1361412562310882339", "OPENVAS:1361412562310882340", "OPENVAS:1361412562310882403", "OPENVAS:1361412562310882404", "OPENVAS:1361412562310882405", "OPENVAS:1361412562310882408", "OPENVAS:1361412562310882409", "OPENVAS:1361412562310882412", "OPENVAS:1361412562310882414", "OPENVAS:1361412562310882415", "OPENVAS:1361412562310882446", "OPENVAS:1361412562310882447", "OPENVAS:1361412562310882449", "OPENVAS:1361412562310882472", "OPENVAS:1361412562310882473", "OPENVAS:1361412562310882474", "OPENVAS:1361412562310882475", "OPENVAS:1361412562310882476", "OPENVAS:1361412562310882477", "OPENVAS:1361412562310882486", "OPENVAS:1361412562310882496", "OPENVAS:1361412562310882520", "OPENVAS:1361412562310882521", "OPENVAS:1361412562310882522", "OPENVAS:1361412562310882533", "OPENVAS:1361412562310882540", "OPENVAS:1361412562310882542", "OPENVAS:1361412562310882566", "OPENVAS:1361412562310882569", "OPENVAS:1361412562310882575", "OPENVAS:1361412562310882576", "OPENVAS:1361412562310882593", "OPENVAS:1361412562310882596", "OPENVAS:1361412562310882597", "OPENVAS:1361412562310882639", "OPENVAS:1361412562310882640", "OPENVAS:1361412562310882655", "OPENVAS:1361412562310882656", "OPENVAS:1361412562310882657", "OPENVAS:1361412562310882659", "OPENVAS:1361412562310882660", "OPENVAS:1361412562310882754", "OPENVAS:1361412562310882756", "OPENVAS:1361412562310882758", "OPENVAS:1361412562310882795", "OPENVAS:1361412562310882796", "OPENVAS:1361412562310882808", "OPENVAS:1361412562310882816", "OPENVAS:1361412562310882919", "OPENVAS:1361412562310882940", "OPENVAS:1361412562310890814", "OPENVAS:1361412562310890924", "OPENVAS:1361412562310891043", "OPENVAS:1361412562310891073", "OPENVAS:1361412562310891883", "OPENVAS:1361412562311220161003", "OPENVAS:1361412562311220161017", "OPENVAS:1361412562311220161030", "OPENVAS:1361412562311220161047", "OPENVAS:1361412562311220161049", "OPENVAS:1361412562311220161054", "OPENVAS:1361412562311220161084", "OPENVAS:1361412562311220161090", "OPENVAS:1361412562311220171015", "OPENVAS:1361412562311220171016", "OPENVAS:1361412562311220171027", "OPENVAS:1361412562311220171028", "OPENVAS:1361412562311220171029", "OPENVAS:1361412562311220171030", "OPENVAS:1361412562311220171039", "OPENVAS:1361412562311220171040", "OPENVAS:1361412562311220171150", "OPENVAS:1361412562311220171151", "OPENVAS:1361412562311220171169", "OPENVAS:1361412562311220171170", "OPENVAS:1361412562311220171207", "OPENVAS:1361412562311220171208", "OPENVAS:1361412562311220171261", "OPENVAS:1361412562311220171262", "OPENVAS:1361412562311220171322", "OPENVAS:1361412562311220171323", "OPENVAS:1361412562311220171330", "OPENVAS:1361412562311220171331", "OPENVAS:1361412562311220181302", "OPENVAS:1361412562311220181303", "OPENVAS:1361412562311220181337", "OPENVAS:1361412562311220181346", "OPENVAS:1361412562311220191386", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191403", "OPENVAS:1361412562311220191419", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220191541", "OPENVAS:1361412562311220191542", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191547", "OPENVAS:1361412562311220191548", "OPENVAS:1361412562311220191551", "OPENVAS:1361412562311220191861", "OPENVAS:1361412562311220191980", "OPENVAS:1361412562311220192217", "OPENVAS:1361412562311220192271", "OPENVAS:1361412562311220192509", "OPENVAS:1361412562311220192643", "OPENVAS:1361412562311220201420", "OPENVAS:1361412562311220201574", "OPENVAS:1361412562311220201637", "OPENVAS:1361412562311220201689", "OPENVAS:1361412562311220201774", "OPENVAS:702880", "OPENVAS:702950", "OPENVAS:703053", "OPENVAS:703125", "OPENVAS:703142", "OPENVAS:703144", "OPENVAS:703147", "OPENVAS:703197", "OPENVAS:703253", "OPENVAS:703287", "OPENVAS:703413", "OPENVAS:703417", "OPENVAS:703441", "OPENVAS:703489", "OPENVAS:703501", "OPENVAS:703510", "OPENVAS:703520", "OPENVAS:703524", "OPENVAS:703566", "OPENVAS:703576", "OPENVAS:703609", "OPENVAS:703611", "OPENVAS:703614", "OPENVAS:703623", "OPENVAS:703631", "OPENVAS:703673", "OPENVAS:703688", "OPENVAS:703773", "OPENVAS:703842", "OPENVAS:703843", "OPENVAS:703919", "OPENVAS:703922", "OPENVAS:71483", "OPENVAS:841733", "OPENVAS:867505", "OPENVAS:867510"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000007", "OPENWRT-SA-000008", "OPENWRT-SA-000009"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUAPR2015-2365600", "ORACLE:CPUAPR2016V3", "ORACLE:CPUAPR2016V3-2985753", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2017-3236618", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2018-3678067", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2015", "ORACLE:CPUJAN2015-1972971", "ORACLE:CPUJAN2016", "ORACLE:CPUJAN2016-2367955", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2017-2881727", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2018-3236628", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2015-2367936", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2016-2881720", "ORACLE:CPUJUL2017-3236622", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2018-4258247", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2019-5072835", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2016-2881722", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2017-3236626", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2018-4428296", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2019-5072832", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0624", "ELSA-2014-0625", "ELSA-2014-0626", "ELSA-2014-0679", "ELSA-2014-0680", "ELSA-2014-1053", "ELSA-2014-1652", "ELSA-2014-1653", "ELSA-2014-3040", "ELSA-2015-0066", "ELSA-2015-0067", "ELSA-2015-0068", "ELSA-2015-0069", "ELSA-2015-0085", "ELSA-2015-0090", "ELSA-2015-0092", "ELSA-2015-0101", "ELSA-2015-0327", "ELSA-2015-0715", "ELSA-2015-0716", "ELSA-2015-0800", "ELSA-2015-1064", "ELSA-2015-1115", "ELSA-2015-1197", "ELSA-2015-1330", "ELSA-2015-1627", "ELSA-2015-1695", "ELSA-2015-2521", "ELSA-2015-2522", "ELSA-2015-2616", "ELSA-2015-2617", "ELSA-2015-2671", "ELSA-2015-3010", "ELSA-2015-3022", "ELSA-2016-0301", "ELSA-2016-0302", "ELSA-2016-0370", "ELSA-2016-0371", "ELSA-2016-0372", "ELSA-2016-0591", "ELSA-2016-0684", "ELSA-2016-0685", "ELSA-2016-0722", "ELSA-2016-0996", "ELSA-2016-1137", "ELSA-2016-1421", "ELSA-2016-1422", "ELSA-2016-1538", "ELSA-2016-1609", "ELSA-2016-1613", "ELSA-2016-1940", "ELSA-2016-2045", "ELSA-2016-2046", "ELSA-2016-2598", "ELSA-2016-2599", "ELSA-2016-2779", "ELSA-2016-3523", "ELSA-2016-3556", "ELSA-2016-3558", "ELSA-2016-3571", "ELSA-2016-3576", "ELSA-2016-3621", "ELSA-2016-3627", "ELSA-2017-0286", "ELSA-2017-1789", "ELSA-2017-1809", "ELSA-2017-2192", "ELSA-2017-2247", "ELSA-2017-2424", "ELSA-2017-2486", "ELSA-2017-3080", "ELSA-2017-3081", "ELSA-2017-3392", "ELSA-2017-3518", "ELSA-2017-3519", "ELSA-2018-2123", "ELSA-2018-2439", "ELSA-2018-3041", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-0003-1", "OSV:DLA-0008-1", "OSV:DLA-1043-1", "OSV:DLA-1073-1", "OSV:DLA-132-1", "OSV:DLA-139-1", "OSV:DLA-157-1", "OSV:DLA-177-1", "OSV:DLA-1883-1", "OSV:DLA-247-1", "OSV:DLA-25-1", "OSV:DLA-25-2", "OSV:DLA-25-3", "OSV:DLA-274-1", "OSV:DLA-282-1", "OSV:DLA-358-1", "OSV:DLA-361-1", "OSV:DLA-400-1", "OSV:DLA-421-1", "OSV:DLA-456-1", "OSV:DLA-472-1", "OSV:DLA-480-1", "OSV:DLA-527-1", "OSV:DLA-528-1", "OSV:DLA-529-1", "OSV:DLA-553-1", "OSV:DLA-568-1", "OSV:DLA-637-1", "OSV:DLA-749-1", "OSV:DLA-794-1", "OSV:DLA-81-1", "OSV:DLA-814-1", "OSV:DLA-924-1", "OSV:DLA-924-2", "OSV:DSA-2504-1", "OSV:DSA-2880-1", "OSV:DSA-2950-1", "OSV:DSA-3053-1", "OSV:DSA-3092-1", "OSV:DSA-3125-1", "OSV:DSA-3142-1", "OSV:DSA-3144-1", "OSV:DSA-3147-1", "OSV:DSA-3197-1", "OSV:DSA-3197-2", "OSV:DSA-3253-1", "OSV:DSA-3287-1", "OSV:DSA-3413-1", "OSV:DSA-3417-1", "OSV:DSA-3441-1", "OSV:DSA-3489-1", "OSV:DSA-3501-1", "OSV:DSA-3510-1", "OSV:DSA-3520-1", "OSV:DSA-3524-1", "OSV:DSA-3566-1", "OSV:DSA-3576-1", "OSV:DSA-3609-1", "OSV:DSA-3611-1", "OSV:DSA-3614-1", "OSV:DSA-3623-1", "OSV:DSA-3631-1", "OSV:DSA-3673-1", "OSV:DSA-3673-2", "OSV:DSA-3688-1", "OSV:DSA-3773-1", "OSV:DSA-3842-1", "OSV:DSA-3843-1", "OSV:DSA-3919-1", "OSV:DSA-3922-1", "OSV:DSA-3944-1", "OSV:DSA-3954-1", "OSV:DSA-3955-1", "OSV:DSA-4005-1", "OSV:GHSA-3GV7-3H64-78CM", "OSV:GHSA-4MV7-CQ75-3QJM", "OSV:GHSA-6X4W-8W53-XRVV", "OSV:GHSA-7JW3-5Q4W-89QG", "OSV:GHSA-9785-W233-X6HV", "OSV:GHSA-9HG2-395J-83RM", "OSV:GHSA-F7F6-XRWC-9C57", "OSV:GHSA-FVM3-CFVJ-GXQQ", "OSV:GHSA-J77Q-2QQG-6989", "OSV:GHSA-M6CH-GG5F-WXX3", "OSV:GHSA-Q9HR-3PG4-3JP4", "OSV:GHSA-QG25-HGJV-CG9Q", "OSV:GHSA-V646-RX6W-R3QQ", "OSV:GHSA-WV88-PF73-X22P", "OSV:GHSA-XPHJ-M9CC-8FMQ"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:130115", "PACKETSTORM:130171", "PACKETSTORM:130974", "PACKETSTORM:132254", "PACKETSTORM:136649", "PACKETSTORM:141576", "PACKETSTORM:141630", "PACKETSTORM:142756", "PACKETSTORM:143369", "PACKETSTORM:143441", "PACKETSTORM:143452", "PACKETSTORM:146437", "PACKETSTORM:153278", "PACKETSTORM:164014", "PACKETSTORM:167552"]}, {"type": "paloalto", "idList": ["PAN-SA-2014-0003", "PAN-SA-2014-0005", "PAN-SA-2015-0002", "PAN-SA-2016-0020", "PAN-SA-2016-0023", "PAN-SA-2016-0028", "PAN-SA-2017-0012", "PAN-SA-2018-0011"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B", "PENTESTIT:F5DFB26B34C75683830E664CBD58178F"]}, {"type": "photon", "idList": ["PHSA-2017-0078"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:110CC96D8440CC2A1EA0521D300634ED", "QUALYSBLOG:1A5EE9D9F7F017B2137FF614703A8605", "QUALYSBLOG:5C311FA52DD78D7015076D492F321DB0", "QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4", "QUALYSBLOG:AB2325C5FBED5CF55517445600D470C1"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:078B46BBA3057CDE37845D48479CC3DD", "RAPID7COMMUNITY:3E2118D4B45B40AADFB608DCC53EA3E8", "RAPID7COMMUNITY:CE638F8710DF0090997AF6FB196E2595"]}, {"type": "redhat", "idList": ["RHSA-2013:0191", "RHSA-2013:0192", "RHSA-2013:0194", "RHSA-2013:0195", "RHSA-2013:0196", "RHSA-2013:0198", "RHSA-2013:0221", "RHSA-2013:0533", "RHSA-2014:0624", "RHSA-2014:0625", "RHSA-2014:0626", "RHSA-2014:0627", "RHSA-2014:0628", "RHSA-2014:0629", "RHSA-2014:0630", "RHSA-2014:0631", "RHSA-2014:0632", "RHSA-2014:0679", "RHSA-2014:0680", "RHSA-2014:1652", "RHSA-2014:1653", "RHSA-2014:1692", "RHSA-2014:1876", "RHSA-2014:1877", "RHSA-2014:1880", "RHSA-2014:1881", "RHSA-2014:1882", "RHSA-2014:1948", "RHSA-2015:0066", "RHSA-2015:0067", "RHSA-2015:0068", "RHSA-2015:0069", "RHSA-2015:0079", "RHSA-2015:0080", "RHSA-2015:0085", "RHSA-2015:0086", "RHSA-2015:0090", "RHSA-2015:0092", "RHSA-2015:0099", "RHSA-2015:0101", "RHSA-2015:0126", "RHSA-2015:0264", "RHSA-2015:0698", "RHSA-2015:0715", "RHSA-2015:0716", "RHSA-2015:0752", "RHSA-2015:1064", "RHSA-2015:1115", "RHSA-2015:1197", "RHSA-2015:1330", "RHSA-2015:1545", "RHSA-2015:1546", "RHSA-2015:1695", "RHSA-2015:2500", "RHSA-2015:2501", "RHSA-2015:2502", "RHSA-2015:2514", "RHSA-2015:2516", "RHSA-2015:2517", "RHSA-2015:2521", "RHSA-2015:2522", "RHSA-2015:2523", "RHSA-2015:2524", "RHSA-2015:2534", "RHSA-2015:2535", "RHSA-2015:2536", "RHSA-2015:2537", "RHSA-2015:2538", "RHSA-2015:2539", "RHSA-2015:2540", "RHSA-2015:2542", "RHSA-2015:2547", "RHSA-2015:2556", "RHSA-2015:2557", "RHSA-2015:2558", "RHSA-2015:2559", "RHSA-2015:2560", "RHSA-2015:2578", "RHSA-2015:2579", "RHSA-2015:2616", "RHSA-2015:2617", "RHSA-2015:2670", "RHSA-2015:2671", "RHSA-2016:0040", "RHSA-2016:0066", "RHSA-2016:0118", "RHSA-2016:0121", "RHSA-2016:0122", "RHSA-2016:0123", "RHSA-2016:0124", "RHSA-2016:0125", "RHSA-2016:0301", "RHSA-2016:0302", "RHSA-2016:0303", "RHSA-2016:0304", "RHSA-2016:0305", "RHSA-2016:0306", "RHSA-2016:0370", "RHSA-2016:0371", "RHSA-2016:0372", "RHSA-2016:0379", "RHSA-2016:0445", "RHSA-2016:0446", "RHSA-2016:0489", "RHSA-2016:0490", "RHSA-2016:0495", "RHSA-2016:0591", "RHSA-2016:0684", "RHSA-2016:0685", "RHSA-2016:0722", "RHSA-2016:0996", "RHSA-2016:1137", "RHSA-2016:1376", "RHSA-2016:1420", "RHSA-2016:1421", "RHSA-2016:1422", "RHSA-2016:1538", "RHSA-2016:1609", "RHSA-2016:1610", "RHSA-2016:1611", "RHSA-2016:1612", "RHSA-2016:1613", "RHSA-2016:1635", "RHSA-2016:1636", "RHSA-2016:1648", "RHSA-2016:1649", "RHSA-2016:1773", "RHSA-2016:1838", "RHSA-2016:1839", "RHSA-2016:1840", "RHSA-2016:1851", "RHSA-2016:1940", "RHSA-2016:2035", "RHSA-2016:2036", "RHSA-2016:2045", "RHSA-2016:2046", "RHSA-2016:2068", "RHSA-2016:2069", "RHSA-2016:2070", "RHSA-2016:2071", "RHSA-2016:2072", "RHSA-2016:2073", "RHSA-2016:22381", "RHSA-2016:2599", "RHSA-2016:2779", "RHSA-2016:2802", "RHSA-2016:2807", "RHSA-2016:2808", "RHSA-2016:2927", "RHSA-2016:2928", "RHSA-2016:2957", "RHSA-2017:0175", "RHSA-2017:0176", "RHSA-2017:0177", "RHSA-2017:0180", "RHSA-2017:0193", "RHSA-2017:0194", "RHSA-2017:0269", "RHSA-2017:0272", "RHSA-2017:0286", "RHSA-2017:0336", "RHSA-2017:0337", "RHSA-2017:0338", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2017:0462", "RHSA-2017:0868", "RHSA-2017:1216", "RHSA-2017:1413", "RHSA-2017:1414", "RHSA-2017:1415", "RHSA-2017:1658", "RHSA-2017:1659", "RHSA-2017:1789", "RHSA-2017:1790", "RHSA-2017:1791", "RHSA-2017:1792", "RHSA-2017:1801", "RHSA-2017:1802", "RHSA-2017:2192", "RHSA-2017:2424", "RHSA-2017:2469", "RHSA-2017:2481", "RHSA-2017:2486", "RHSA-2017:2493", "RHSA-2017:2494", "RHSA-2017:2530", "RHSA-2017:2596", "RHSA-2017:2708", "RHSA-2017:2709", "RHSA-2017:2710", "RHSA-2017:2787", "RHSA-2017:2886", "RHSA-2017:3080", "RHSA-2017:3081", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2017:3392", "RHSA-2017:3453", "RHSA-2018:0279", "RHSA-2018:0574", "RHSA-2018:2123", "RHSA-2018:2185", "RHSA-2018:2186", "RHSA-2018:2187", "RHSA-2018:2439", "RHSA-2018:2568", "RHSA-2018:2575", "RHSA-2018:2713", "RHSA-2018:2729", "RHSA-2019:1245", "RHSA-2019:2859", "RHSA-2020:0451", "RHSA-2020:3842", "RHSA-2020:4274", "RHSA-2021:0308", "RHSA-2021:2438"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1000104", "RH:CVE-2016-1181", "RH:CVE-2016-2105", "RH:CVE-2016-2106", "RH:CVE-2016-2107", "RH:CVE-2016-2108", "RH:CVE-2016-2179", "RH:CVE-2016-2180", "RH:CVE-2016-2181", "RH:CVE-2016-2182", "RH:CVE-2016-2834", "RH:CVE-2016-4430", "RH:CVE-2016-4431", "RH:CVE-2016-4433", "RH:CVE-2016-4436", "RH:CVE-2016-4438", "RH:CVE-2016-4465", "RH:CVE-2016-5385", "RH:CVE-2016-5386", "RH:CVE-2016-5387", "RH:CVE-2016-5388", "RH:CVE-2016-6302", "RH:CVE-2016-6303", "RH:CVE-2016-6305", "RH:CVE-2016-6306", "RH:CVE-2016-6307", "RH:CVE-2016-6308", "RH:CVE-2016-6309", "RH:CVE-2016-6814", "RH:CVE-2016-7052", "RH:CVE-2016-7055", "RH:CVE-2017-1000394", "RH:CVE-2017-10074", "RH:CVE-2017-10078", "RH:CVE-2017-10081", "RH:CVE-2017-10086", "RH:CVE-2017-10087", "RH:CVE-2017-10089", "RH:CVE-2017-10090", "RH:CVE-2017-10096", "RH:CVE-2017-10101", "RH:CVE-2017-10105", "RH:CVE-2017-10109", "RH:CVE-2017-10111", "RH:CVE-2017-10114", "RH:CVE-2017-10118", "RH:CVE-2017-10125", "RH:CVE-2017-10135", "RH:CVE-2017-10176", "RH:CVE-2017-10193", "RH:CVE-2017-10198", "RH:CVE-2017-3529", "RH:CVE-2017-3633", "RH:CVE-2017-3634", "RH:CVE-2017-3635", "RH:CVE-2017-3636", "RH:CVE-2017-3637", "RH:CVE-2017-3638", "RH:CVE-2017-3639", "RH:CVE-2017-3640", "RH:CVE-2017-3641", "RH:CVE-2017-3642", "RH:CVE-2017-3643", "RH:CVE-2017-3644", "RH:CVE-2017-3645", "RH:CVE-2017-3646", "RH:CVE-2017-3647", "RH:CVE-2017-3648", "RH:CVE-2017-3649", "RH:CVE-2017-3650", "RH:CVE-2017-3651", "RH:CVE-2017-3652", "RH:CVE-2017-3653", "RH:CVE-2017-3738", "RH:CVE-2017-5638", "RH:CVE-2017-5647", "RH:CVE-2017-5650", "RH:CVE-2017-5651"]}, {"type": "saint", "idList": ["SAINT:01D1CBFEFCD799FC1DCF4DD30F44F248", "SAINT:484D58D595B8F6CEE787306160971308", "SAINT:966010900F7632E797C552D31C2BB53A"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27011", "SECURITYVULNS:DOC:28237", "SECURITYVULNS:DOC:30347", "SECURITYVULNS:DOC:31041", "SECURITYVULNS:DOC:31090", "SECURITYVULNS:DOC:31293", "SECURITYVULNS:DOC:31299", "SECURITYVULNS:DOC:31300", "SECURITYVULNS:DOC:31301", "SECURITYVULNS:DOC:31302", "SECURITYVULNS:DOC:31303", "SECURITYVULNS:DOC:31305", "SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31318", "SECURITYVULNS:DOC:31532", "SECURITYVULNS:DOC:31591", "SECURITYVULNS:DOC:31672", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:DOC:31772", "SECURITYVULNS:DOC:31790", "SECURITYVULNS:DOC:31890", "SECURITYVULNS:DOC:31940", "SECURITYVULNS:DOC:32203", "SECURITYVULNS:DOC:32267", "SECURITYVULNS:DOC:32343", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:DOC:32492", "SECURITYVULNS:DOC:32493", "SECURITYVULNS:DOC:32494", "SECURITYVULNS:DOC:32514", "SECURITYVULNS:DOC:32516", "SECURITYVULNS:DOC:32522", "SECURITYVULNS:DOC:32566", "SECURITYVULNS:VULN:11900", "SECURITYVULNS:VULN:12459", "SECURITYVULNS:VULN:13594", "SECURITYVULNS:VULN:13810", "SECURITYVULNS:VULN:13868", "SECURITYVULNS:VULN:13971", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14045", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14062", "SECURITYVULNS:VULN:14063", "SECURITYVULNS:VULN:14164", "SECURITYVULNS:VULN:14192", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14240", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14297", "SECURITYVULNS:VULN:14314", "SECURITYVULNS:VULN:14333", "SECURITYVULNS:VULN:14366", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14409", "SECURITYVULNS:VULN:14530", "SECURITYVULNS:VULN:14562", "SECURITYVULNS:VULN:14601", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:VULN:14678", "SECURITYVULNS:VULN:14696", "SECURITYVULNS:VULN:14697", "SECURITYVULNS:VULN:14702", "SECURITYVULNS:VULN:14755"]}, {"type": "seebug", "idList": ["SSV:20927", "SSV:61560", "SSV:85189", "SSV:89237", "SSV:89999", "SSV:90853", "SSV:90854", "SSV:90860", "SSV:91447", "SSV:91448", "SSV:91857", "SSV:92577", "SSV:92692", "SSV:92746", "SSV:92804", "SSV:93135", "SSV:96330"]}, {"type": "slackware", "idList": ["SSA-2014-156-03", "SSA-2014-288-01", "SSA-2015-009-01", "SSA-2015-028-01", "SSA-2015-111-09", "SSA-2015-162-01", "SSA-2015-349-04", "SSA-2016-034-03", "SSA-2016-124-01", "SSA-2016-203-02", "SSA-2016-266-01", "SSA-2016-270-01", "SSA-2016-358-01", "SSA-2016-363-01", "SSA-2017-041-02", "SSA-2017-251-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0764-1", "OPENSUSE-SU-2014:0765-1", "OPENSUSE-SU-2014:1331-1", "OPENSUSE-SU-2015:0130-1", "OPENSUSE-SU-2015:0162-1", "OPENSUSE-SU-2015:0184-1", "OPENSUSE-SU-2015:0190-1", "OPENSUSE-SU-2015:1139-1", "OPENSUSE-SU-2015:1277-1", "OPENSUSE-SU-2015:1911-1", "OPENSUSE-SU-2015:2243-1", "OPENSUSE-SU-2016:0628-1", "OPENSUSE-SU-2016:0637-1", "OPENSUSE-SU-2016:0638-1", "OPENSUSE-SU-2016:0640-1", "OPENSUSE-SU-2016:0720-1", "OPENSUSE-SU-2016:0731-1", "OPENSUSE-SU-2016:0733-1", "OPENSUSE-SU-2016:1237-1", "OPENSUSE-SU-2016:1238-1", "OPENSUSE-SU-2016:1239-1", "OPENSUSE-SU-2016:1240-1", "OPENSUSE-SU-2016:1241-1", "OPENSUSE-SU-2016:1242-1", "OPENSUSE-SU-2016:1243-1", "OPENSUSE-SU-2016:1273-1", "OPENSUSE-SU-2016:1552-1", "OPENSUSE-SU-2016:1557-1", "OPENSUSE-SU-2016:1566-1", "OPENSUSE-SU-2016:2391-1", "OPENSUSE-SU-2016:2407-1", "OPENSUSE-SU-2016:2496-1", "OPENSUSE-SU-2016:2537-1", "OPENSUSE-SU-2016:2769-1", "OPENSUSE-SU-2016:2788-1", "OPENSUSE-SU-2017:0374-1", "OPENSUSE-SU-2017:0513-1", "OPENSUSE-SU-2017:1292-1", "OPENSUSE-SU-2017:2868-1", "OPENSUSE-SU-2017:3345-1", "OPENSUSE-SU-2018:0042-1", "OPENSUSE-SU-2018:0458-1", "SUSE-SU-2014:0759-1", "SUSE-SU-2014:0759-2", "SUSE-SU-2014:0761-1", "SUSE-SU-2014:0762-1", "SUSE-SU-2014:0768-1", "SUSE-SU-2014:1357-1", "SUSE-SU-2014:1361-1", "SUSE-SU-2014:1386-1", "SUSE-SU-2014:1387-1", "SUSE-SU-2014:1387-2", "SUSE-SU-2014:1409-1", "SUSE-SU-2014:1526-1", "SUSE-SU-2014:1526-2", "SUSE-SU-2014:1549-1", "SUSE-SU-2015:0010-1", "SUSE-SU-2015:0158-1", "SUSE-SU-2015:0336-1", "SUSE-SU-2015:0344-1", "SUSE-SU-2015:0345-1", "SUSE-SU-2015:0376-1", "SUSE-SU-2015:0392-1", "SUSE-SU-2015:0503-1", "SUSE-SU-2015:0541-1", "SUSE-SU-2015:0553-1", "SUSE-SU-2015:0553-2", "SUSE-SU-2015:0578-1", "SUSE-SU-2015:0620-1", "SUSE-SU-2015:0743-1", "SUSE-SU-2015:0946-1", "SUSE-SU-2015:1143-1", "SUSE-SU-2015:1150-1", "SUSE-SU-2015:1181-1", "SUSE-SU-2015:1181-2", "SUSE-SU-2015:1182-1", "SUSE-SU-2015:1182-2", "SUSE-SU-2015:1183-1", "SUSE-SU-2015:1183-2", "SUSE-SU-2015:1184-1", "SUSE-SU-2015:1184-2", "SUSE-SU-2015:1185-1", "SUSE-SU-2016:0617-1", "SUSE-SU-2016:0620-1", "SUSE-SU-2016:0621-1", "SUSE-SU-2016:0624-1", "SUSE-SU-2016:0631-1", "SUSE-SU-2016:0641-1", "SUSE-SU-2016:0678-1", "SUSE-SU-2016:0727-1", "SUSE-SU-2016:0748-1", "SUSE-SU-2016:0777-1", "SUSE-SU-2016:0778-1", "SUSE-SU-2016:0786-1", "SUSE-SU-2016:0820-1", "SUSE-SU-2016:0909-1", "SUSE-SU-2016:1057-1", "SUSE-SU-2016:1206-1", "SUSE-SU-2016:1228-1", "SUSE-SU-2016:1231-1", "SUSE-SU-2016:1233-1", "SUSE-SU-2016:1267-1", "SUSE-SU-2016:1290-1", "SUSE-SU-2016:1360-1", "SUSE-SU-2016:1457-1", "SUSE-SU-2016:1459-1", "SUSE-SU-2016:1691-1", "SUSE-SU-2016:1799-1", "SUSE-SU-2016:2061-1", "SUSE-SU-2016:2387-1", "SUSE-SU-2016:2394-1", "SUSE-SU-2016:2458-1", "SUSE-SU-2016:2468-1", "SUSE-SU-2016:2469-1", "SUSE-SU-2016:2470-1", "SUSE-SU-2016:2470-2", "SUSE-SU-2017:0346-1", "SUSE-SU-2017:0460-1", "SUSE-SU-2017:0490-1", "SUSE-SU-2017:1175-1", "SUSE-SU-2017:1229-1", "SUSE-SU-2017:1248-1", "SUSE-SU-2017:1382-1", "SUSE-SU-2017:1444-1", "SUSE-SU-2017:1568-1", "SUSE-SU-2017:1632-1", "SUSE-SU-2017:1660-1", "SUSE-SU-2017:1701-1", "SUSE-SU-2017:2175-1", "SUSE-SU-2017:2263-1", "SUSE-SU-2017:2280-1", "SUSE-SU-2017:2281-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:2701-1", "SUSE-SU-2017:3343-1", "SUSE-SU-2018:0005-1", "SUSE-SU-2018:0112-1"]}, {"type": "symantec", "idList": ["SMNTC-1325", "SMNTC-1338", "SMNTC-1344", "SMNTC-1347", "SMNTC-1355", "SMNTC-1363", "SMNTC-1367", "SMNTC-1382", "SMNTC-1387", "SMNTC-1391", "SMNTC-1392", "SMNTC-1395", "SMNTC-1419", "SMNTC-91068", "SMNTC-93236", "SMNTC-95429"]}, {"type": "talosblog", "idList": ["TALOSBLOG:991CC85C1D7CC3CD70110C7FAE123FAC", "TALOSBLOG:DAD87115458AF1FB5EDF5A2BB21D8AB9", "TALOSBLOG:DB8F26399F12B0F9B9309365CB42D9BB", "TALOSBLOG:E8F926D413AF8A060A5CA7289C0EAD20"]}, {"type": "thn", "idList": ["THN:11ACCB96E6DF3B8769AC3B63D2F85776", "THN:2707247140A4F620671B33D68FEB1EA9", "THN:35CF2D56C908025E96F8E8ADF33384DB", "THN:3DD8F9ADFFEB290F33825414D41B0F41", "THN:3F47D7B66C8A65AB31FAC5823C96C34D", "THN:6C0E5E35ABB362C8EA341381B3DD76D6", "THN:7CACCDBBDB47286572F59C67E92AF821", "THN:7FD924637D99697D78D53283817508DA", "THN:82BC3700070E6531BDA9B4A8023496B6", "THN:89C2482FECD181DD37C6DAEEB7A66FA9", "THN:A649F4ABCE9B99052139693A13D95B14", "THN:ACBFC80659E47A5B7C81B99570749679", "THN:ACD3479531482E2CA5A8E15EB6B47523", "THN:AF93AEDBDE6169AD1163D53979A4EA04", "THN:B18DB0BB2ACAF13D6FBF3445755365E3", "THN:B2CD802394694AA17ECB051A9D9C7CB6", "THN:BA4BC453AFA67B10DA346CBD7A9928A0", "THN:D2B91981A95FA63440BEC1909D1FAE82"]}, {"type": "threatpost", "idList": ["THREATPOST:0308A7143D92E14583CCD684912ABD67", "THREATPOST:0DD2AEA1738F9B6612B1C845F3BC949F", "THREATPOST:12E93CDF8BAC1B158CE1737E859FDD80", "THREATPOST:1C2F8B65F8584E9BF67617A331A7B993", "THREATPOST:296C81B02F21670214B17577AC0DBE55", "THREATPOST:29907254311441DFE8331A9706EE7EFA", "THREATPOST:29E9D758B35B8637E8E0EC474D362D43", "THREATPOST:2DFCB17470A6B70C1E45B9EA4E53D9E0", "THREATPOST:3A858BD40E6943BD3F4553301036091D", "THREATPOST:477B6029652B76463B5C5B7155CDF736", "THREATPOST:54145B143BF11C716167531924DBD4F1", "THREATPOST:5ADABEB29891532ECFF2D6ABD99CAED4", "THREATPOST:5E633FD1C6A5B5BB74F1B6A8399001A2", "THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:76E9C3B4FF9F862F31CF7EBE00893BDF", "THREATPOST:79FD5014002E21B53F4970E1583AB7F2", "THREATPOST:7B2EAFA107D335014D553D78946C453E", "THREATPOST:7DFB677F72D6258B3CDEE746C764E29E", "THREATPOST:7E66A86C86BE8481D1B905B183CA42C3", "THREATPOST:89E329CF5B9C721F7BEBBBA5985778E3", "THREATPOST:8B5C2D5280CC957CA9A4CB0C697F96D8", "THREATPOST:92734AB0515417387ACE7EE44D1D5100", "THREATPOST:99C5E70D89447B8402B9FBA7381541F0", "THREATPOST:9D9869F89AC0737D7BCF95D2D1CF13F8", "THREATPOST:9E84C27A33C751DE6ECC9BAAF9C0F19B", "THREATPOST:A45826A8CDA7058392C4901D6AAD15F1", "THREATPOST:A5161FD8579FC8D6BD28F429682A17F9", "THREATPOST:A74A22908297215133751D9214F30506", "THREATPOST:AACAA4F654495529E053D43901F00A81", "THREATPOST:AD5395CA5B3FD95FAD8E67B675D0AFCA", "THREATPOST:C67169E038FB8F98C9DE037029EB7D5A", "THREATPOST:C848FE52EA743AF14022A0E5ABDDF5C2", "THREATPOST:CD1CBFA154DFAA1F3DC0E2E5CFA58D0A", "THREATPOST:CF8A831748EC23AA2B67F64081A55155", "THREATPOST:D4706357F1ED015BC0C89123865AF61A", "THREATPOST:D70CED5C745CA3779F2D02FBB6DBA717", "THREATPOST:F4E175435A7C5D2A4F16D46A939B175E", "THREATPOST:FC5665486C9D63E5C0C242F47F66ACF1", "THREATPOST:FE6D79C321BADEB83B8739FA73B416CF"]}, {"type": "tomcat", "idList": ["TOMCAT:0771E17F0F0733FEFCB0AD32B094C50F", "TOMCAT:15FF6DF1B5DE765DF9A478C8E8034759", "TOMCAT:1CB3810E65438752A9D2B074EFE36CB9", "TOMCAT:3433D97DD68E3E4EE81DAC140FD2AF8F", "TOMCAT:7E8B1837DB1B24489FB7CEAE24C18E30", "TOMCAT:83EBFA4095E1BC19531C4F80F79B499B", "TOMCAT:DA27CFA745026609962C185F86E4D285", "TOMCAT:DB1F1FE6D60B303FBCEB1A98F0CAE318", "TOMCAT:E1DC6AFC3CA2A246D554966278B61DC6"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B", "TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28", "TRENDMICROBLOG:5DA0AA0203F450ED9FF0CB21A89017BB", "TRENDMICROBLOG:71F44A4A56FE1111907DD39C26B46152"]}, {"type": "typo3", "idList": ["TYPO3-CORE-SA-2016-019", "TYPO3-EXT-SA-2018-003", "TYPO3-EXT-SA-2018-005", "TYPO3-EXT-SA-2018-007"]}, {"type": "ubuntu", "idList": ["USN-2125-1", "USN-2232-1", "USN-2232-2", "USN-2232-3", "USN-2232-4", "USN-2459-1", "USN-2485-1", "USN-2486-1", "USN-2487-1", "USN-2537-1", "USN-2551-1", "USN-2639-1", "USN-2830-1", "USN-2878-1", "USN-2916-1", "USN-2917-1", "USN-2917-2", "USN-2917-3", "USN-2924-1", "USN-2934-1", "USN-2959-1", "USN-2973-1", "USN-2993-1", "USN-3024-1", "USN-3027-1", "USN-3029-1", "USN-3038-1", "USN-3045-1", "USN-3087-1", "USN-3087-2", "USN-3177-1", "USN-3177-2", "USN-3179-1", "USN-3181-1", "USN-3194-1", "USN-3198-1", "USN-3270-1", "USN-3357-1", "USN-3357-2", "USN-3366-1", "USN-3366-2", "USN-3372-1", "USN-3396-1", "USN-3519-1", "USN-3727-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-2730", "UB:CVE-2013-2027", "UB:CVE-2014-0224", "UB:CVE-2014-1912", "UB:CVE-2014-3566", "UB:CVE-2014-3571", "UB:CVE-2015-0235", "UB:CVE-2015-0254", "UB:CVE-2015-0286", "UB:CVE-2015-1788", "UB:CVE-2015-1789", "UB:CVE-2015-1790", "UB:CVE-2015-1791", "UB:CVE-2015-1792", "UB:CVE-2015-2774", "UB:CVE-2015-3195", "UB:CVE-2015-3197", "UB:CVE-2015-3253", "UB:CVE-2015-4852", "UB:CVE-2015-5254", "UB:CVE-2015-5377", "UB:CVE-2015-7501", "UB:CVE-2015-7940", "UB:CVE-2015-8607", "UB:CVE-2015-8608", "UB:CVE-2016-1000104", "UB:CVE-2016-1181", "UB:CVE-2016-1950", "UB:CVE-2016-1979", "UB:CVE-2016-2105", "UB:CVE-2016-2106", "UB:CVE-2016-2107", "UB:CVE-2016-2108", "UB:CVE-2016-2109", "UB:CVE-2016-2177", "UB:CVE-2016-2178", "UB:CVE-2016-2179", "UB:CVE-2016-2180", "UB:CVE-2016-2181", "UB:CVE-2016-2182", "UB:CVE-2016-2183", "UB:CVE-2016-2381", "UB:CVE-2016-2834", "UB:CVE-2016-3092", "UB:CVE-2016-4430", "UB:CVE-2016-4431", "UB:CVE-2016-4433", "UB:CVE-2016-4436", "UB:CVE-2016-4438", "UB:CVE-2016-4465", "UB:CVE-2016-4694", "UB:CVE-2016-5385", "UB:CVE-2016-5386", "UB:CVE-2016-5387", "UB:CVE-2016-5388", "UB:CVE-2016-6302", "UB:CVE-2016-6303", "UB:CVE-2016-6304", "UB:CVE-2016-6305", "UB:CVE-2016-6306", "UB:CVE-2016-6307", "UB:CVE-2016-6308", "UB:CVE-2016-6309", "UB:CVE-2016-6814", "UB:CVE-2016-7052", "UB:CVE-2016-7055", "UB:CVE-2017-10053", "UB:CVE-2017-10067", "UB:CVE-2017-10074", "UB:CVE-2017-10078", "UB:CVE-2017-10081", "UB:CVE-2017-10086", "UB:CVE-2017-10087", "UB:CVE-2017-10089", "UB:CVE-2017-10090", "UB:CVE-2017-10096", "UB:CVE-2017-10101", "UB:CVE-2017-10102", "UB:CVE-2017-10105", "UB:CVE-2017-10107", "UB:CVE-2017-10108", "UB:CVE-2017-10109", "UB:CVE-2017-10110", "UB:CVE-2017-10111", "UB:CVE-2017-10114", "UB:CVE-2017-10115", "UB:CVE-2017-10116", "UB:CVE-2017-10118", "UB:CVE-2017-10125", "UB:CVE-2017-10129", "UB:CVE-2017-10135", "UB:CVE-2017-10176", "UB:CVE-2017-10187", "UB:CVE-2017-10193", "UB:CVE-2017-10198", "UB:CVE-2017-10204", "UB:CVE-2017-10209", "UB:CVE-2017-10210", "UB:CVE-2017-10233", "UB:CVE-2017-10235", "UB:CVE-2017-10236", "UB:CVE-2017-10237", "UB:CVE-2017-10238", "UB:CVE-2017-10239", "UB:CVE-2017-10240", "UB:CVE-2017-10241", "UB:CVE-2017-10242", "UB:CVE-2017-10243", "UB:CVE-2017-3529", "UB:CVE-2017-3633", "UB:CVE-2017-3634", "UB:CVE-2017-3635", "UB:CVE-2017-3636", "UB:CVE-2017-3637", "UB:CVE-2017-3638", "UB:CVE-2017-3639", "UB:CVE-2017-3640", "UB:CVE-2017-3641", "UB:CVE-2017-3642", "UB:CVE-2017-3643", "UB:CVE-2017-3644", "UB:CVE-2017-3645", "UB:CVE-2017-3646", "UB:CVE-2017-3647", "UB:CVE-2017-3648", "UB:CVE-2017-3649", "UB:CVE-2017-3650", "UB:CVE-2017-3651", "UB:CVE-2017-3652", "UB:CVE-2017-3653", "UB:CVE-2017-3731", "UB:CVE-2017-3732", "UB:CVE-2017-3738", "UB:CVE-2017-5638", "UB:CVE-2017-5647", "UB:CVE-2017-5650", "UB:CVE-2017-5651"]}, {"type": "veracode", "idList": ["VERACODE:26463", "VERACODE:28334", "VERACODE:28351"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2014-0006", "VMSA-2014-0006.11", "VMSA-2015-0001", "VMSA-2015-0001.2", "VMSA-2017-0004", "VMSA-2017-0004.7"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:1430", "VULNERLAB:1430"]}, {"type": "zdi", "idList": ["ZDI-15-365", "ZDI-17-044"]}, {"type": "zdt", "idList": ["1337DAY-ID-21938", "1337DAY-ID-23215", "1337DAY-ID-23392", "1337DAY-ID-23895", "1337DAY-ID-23928", "1337DAY-ID-25234", "1337DAY-ID-25942", "1337DAY-ID-25990", "1337DAY-ID-27300", "1337DAY-ID-27316", "1337DAY-ID-27332", "1337DAY-ID-27725", "1337DAY-ID-27866", "1337DAY-ID-27885", "1337DAY-ID-27887", "1337DAY-ID-27967", "1337DAY-ID-28046", "1337DAY-ID-28047", "1337DAY-ID-28048", "1337DAY-ID-28049", "1337DAY-ID-28053", "1337DAY-ID-28054", "1337DAY-ID-28162", "1337DAY-ID-28163", "1337DAY-ID-28164", "1337DAY-ID-28221", "1337DAY-ID-28222", "1337DAY-ID-28404", "1337DAY-ID-28405", "1337DAY-ID-28453", "1337DAY-ID-28593", "1337DAY-ID-28596", "1337DAY-ID-28653", "1337DAY-ID-28745", "1337DAY-ID-29087", "1337DAY-ID-29207", "1337DAY-ID-29351", "1337DAY-ID-29361", "1337DAY-ID-29403", "1337DAY-ID-29575", "1337DAY-ID-29811", "1337DAY-ID-30017", "1337DAY-ID-30020", "1337DAY-ID-30832", "1337DAY-ID-30884", "1337DAY-ID-30984", "1337DAY-ID-31338", "1337DAY-ID-31590", "1337DAY-ID-32144", "1337DAY-ID-33036", "1337DAY-ID-33221", "1337DAY-ID-34965", "1337DAY-ID-36004", "1337DAY-ID-36699", "1337DAY-ID-37806"]}]}, "score": {"value": 2.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_JULY2017_ADVISORY.ASC", "OPENSSL_ADVISORY23.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-293", "ALAS-2015-473", "ALAS-2017-821", "ALAS-2017-822", "ALAS-2017-860", "ALAS-2017-869", "ALAS-2017-887", "ALAS-2017-888", "ALAS-2017-936", "ALAS2-2018-1078"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-2108"]}, {"type": "apple", "idList": ["APPLE:B6838750CA6086B150DDD58EB8FAE22A"]}, {"type": "archlinux", "idList": ["ASA-201603-9", "ASA-201609-7"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BAM-18242", "ATLASSIAN:BSERV-8977", "ATLASSIAN:CWD-4879"]}, {"type": "attackerkb", "idList": ["AKB:289DC3CE-ED8A-4366-89F0-46E148584C36", "AKB:5355349E-B12C-4352-8564-6886EE50CE60", "AKB:BDF59C15-D64F-45D5-B1AC-D1B9DD354080"]}, {"type": "canvas", "idList": ["STRUTS_OGNL"]}, {"type": "centos", "idList": ["CESA-2017:1789", "CESA-2017:2424"]}, {"type": "cert", "idList": ["VU:419128", "VU:491375", "VU:797896", "VU:834067", "VU:967332"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1616", "CPAI-2015-0039", "CPAI-2015-0994", "CPAI-2017-0151", "CPAI-2017-0197", "CPAI-2017-0399", "CPAI-2017-0676"]}, {"type": "checkpoint_security", "idList": ["CPS:SK101186", "CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK104443", "CPS:SK105062"]}, {"type": "chrome", "idList": ["GCSA-4830242147321115275"]}, {"type": "cisa", "idList": ["CISA:9066702332FCD5766AB41E06EAD9991B", "CISA:F0D9A1ED5C31628B8E6D1E5F3AD609C4"]}, {"type": "cisco", "idList": ["CISCO-SA-20141211-CVE-2014-8730", "CISCO-SA-20150612-OPENSSL", "CISCO-SA-20170130-OPENSSL", "CISCO-SA-20170310-STRUTS2"]}, {"type": "citrix", "idList": ["CTX233832"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:2612C84317452E216670EAF7C553C9D4", "CFOUNDRY:C2B8B89ADB85BB41095EAA7D88C0E350"]}, {"type": "cve", "idList": ["CVE-2011-2730", "CVE-2015-3197", "CVE-2015-7940", "CVE-2015-8607", "CVE-2016-1181", "CVE-2016-1950", "CVE-2016-1979", "CVE-2016-2105", "CVE-2016-2106", "CVE-2016-2107", "CVE-2016-2108", "CVE-2016-2109", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2183", "CVE-2016-2834", "CVE-2016-3092", "CVE-2016-4430", "CVE-2016-4431", "CVE-2016-4433", "CVE-2016-4438", "CVE-2016-4465", "CVE-2016-5385", "CVE-2016-5386", "CVE-2016-5387", "CVE-2016-5388", "CVE-2017-10000", "CVE-2017-10001", "CVE-2017-10002", "CVE-2017-10003", "CVE-2017-10004", "CVE-2017-10005", "CVE-2017-10006", "CVE-2017-10007", "CVE-2017-10008", "CVE-2017-10009", "CVE-2017-10010", "CVE-2017-10011", "CVE-2017-10012", "CVE-2017-10013", "CVE-2017-10015", "CVE-2017-10016", "CVE-2017-10017", "CVE-2017-10018", "CVE-2017-10019", "CVE-2017-10020", "CVE-2017-10021", "CVE-2017-10022", "CVE-2017-10023", "CVE-2017-10024", "CVE-2017-10025", "CVE-2017-10027", "CVE-2017-10028", "CVE-2017-10029", "CVE-2017-10030", "CVE-2017-10031", "CVE-2017-10032", "CVE-2017-10035", "CVE-2017-10036", "CVE-2017-10038", "CVE-2017-10039", "CVE-2017-10040", "CVE-2017-10041", "CVE-2017-10043", "CVE-2017-10044", "CVE-2017-10045", "CVE-2017-10046", "CVE-2017-10047", "CVE-2017-10048", "CVE-2017-10049", "CVE-2017-10052", "CVE-2017-10053", "CVE-2017-10056", "CVE-2017-10057", "CVE-2017-10058", "CVE-2017-10059", "CVE-2017-10061", "CVE-2017-10063", "CVE-2017-10064", "CVE-2017-10067", "CVE-2017-10069", "CVE-2017-10070", "CVE-2017-10071", "CVE-2017-10072", "CVE-2017-10073", "CVE-2017-10074", "CVE-2017-10075", "CVE-2017-10076", "CVE-2017-10078", "CVE-2017-10079", "CVE-2017-10080", "CVE-2017-10081", "CVE-2017-10082", "CVE-2017-10083", "CVE-2017-10084", "CVE-2017-10085", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10088", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10091", "CVE-2017-10092", "CVE-2017-10093", "CVE-2017-10094", "CVE-2017-10095", "CVE-2017-10096", "CVE-2017-10097", "CVE-2017-10098", "CVE-2017-10100", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10103", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10106", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10112", "CVE-2017-10113", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10119", "CVE-2017-10120", "CVE-2017-10121", "CVE-2017-10122", "CVE-2017-10123", "CVE-2017-10125", "CVE-2017-10126", "CVE-2017-10128", "CVE-2017-10129", "CVE-2017-10130", "CVE-2017-10131", "CVE-2017-10132", "CVE-2017-10133", "CVE-2017-10134", "CVE-2017-10135", "CVE-2017-10136", "CVE-2017-10137", "CVE-2017-10141", "CVE-2017-10142", "CVE-2017-10143", "CVE-2017-10144", "CVE-2017-10145", "CVE-2017-10146", "CVE-2017-10147", "CVE-2017-10148", "CVE-2017-10149", "CVE-2017-10150", "CVE-2017-10156", "CVE-2017-10157", "CVE-2017-10160", "CVE-2017-10168", "CVE-2017-10169", "CVE-2017-10170", "CVE-2017-10171", "CVE-2017-10172", "CVE-2017-10173", "CVE-2017-10174", "CVE-2017-10175", "CVE-2017-10176", "CVE-2017-10177", "CVE-2017-10178", "CVE-2017-10179", "CVE-2017-10180", "CVE-2017-10181", "CVE-2017-10182", "CVE-2017-10183", "CVE-2017-10184", "CVE-2017-10185", "CVE-2017-10186", "CVE-2017-10187", "CVE-2017-10188", "CVE-2017-10189", "CVE-2017-10191", "CVE-2017-10192", "CVE-2017-10193", "CVE-2017-10195", "CVE-2017-10196", "CVE-2017-10198", "CVE-2017-10199", "CVE-2017-10200", "CVE-2017-10201", "CVE-2017-10202", "CVE-2017-10204", "CVE-2017-10205", "CVE-2017-10206", "CVE-2017-10207", "CVE-2017-10208", "CVE-2017-10209", "CVE-2017-10210", "CVE-2017-10211", "CVE-2017-10212", "CVE-2017-10213", "CVE-2017-10214", "CVE-2017-10215", "CVE-2017-10216", "CVE-2017-10217", "CVE-2017-10218", "CVE-2017-10219", "CVE-2017-10220", "CVE-2017-10221", "CVE-2017-10222", "CVE-2017-10223", "CVE-2017-10224", "CVE-2017-10225", "CVE-2017-10226", "CVE-2017-10228", "CVE-2017-10229", "CVE-2017-10230", "CVE-2017-10231", "CVE-2017-10232", "CVE-2017-10233", "CVE-2017-10234", "CVE-2017-10235", "CVE-2017-10236", "CVE-2017-10237", "CVE-2017-10238", "CVE-2017-10239", "CVE-2017-10240", "CVE-2017-10241", "CVE-2017-10242", "CVE-2017-10243", "CVE-2017-10244", "CVE-2017-10245", "CVE-2017-10246", "CVE-2017-10247", "CVE-2017-10248", "CVE-2017-10249", "CVE-2017-10250", "CVE-2017-10251", "CVE-2017-10252", "CVE-2017-10253", "CVE-2017-10254", "CVE-2017-10255", "CVE-2017-10256", "CVE-2017-10257", "CVE-2017-10258", "CVE-2017-3529", "CVE-2017-3562", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3646", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653", "CVE-2017-3731", "CVE-2017-5638", "CVE-2017-5689"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1043-1:9386A", "DEBIAN:DLA-1073-1:DB329", "DEBIAN:DLA-139-1:543FA", "DEBIAN:DLA-529-1:DC84D", "DEBIAN:DLA-568-1:8D4E9", "DEBIAN:DLA-637-1:F8314", "DEBIAN:DLA-794-1:03B62", "DEBIAN:DLA-924-1:68694", "DEBIAN:DLA-924-2:C1101", "DEBIAN:DSA-2504-1:AEED7", "DEBIAN:DSA-2950-1:15DF5", "DEBIAN:DSA-3441-1:CE181", "DEBIAN:DSA-3489-1:3D620", "DEBIAN:DSA-3611-1:F53EF", "DEBIAN:DSA-3614-1:AC7F6", "DEBIAN:DSA-3631-1:30BAB", "DEBIAN:DSA-3673-2:FD8F0", "DEBIAN:DSA-3688-1:3F736", "DEBIAN:DSA-3842-1:1036A", "DEBIAN:DSA-3843-1:1AF3C", "DEBIAN:DSA-3919-1:5F02D", "DEBIAN:DSA-3922-1:71332", "DEBIAN:DSA-3944-1:A4058", "DEBIAN:DSA-3954-1:BB1DA", "DEBIAN:DSA-3955-1:FFC41", "DEBIAN:DSA-4005-1:3D72F", "DEBIAN:SSL-:DD9E5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3566", "DEBIANCVE:CVE-2016-1950", "DEBIANCVE:CVE-2016-1979", "DEBIANCVE:CVE-2016-2834"]}, {"type": "erpscan", "idList": ["ERPSCAN-17-037", "ERPSCAN-17-038", "ERPSCAN-17-039", "ERPSCAN-17-040", "ERPSCAN-17-041", "ERPSCAN-17-042"]}, {"type": "exploitdb", "idList": ["EDB-ID:43385", "EDB-ID:44141"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:22AB36B8BB8503098CD2021FD5310DB7", "EXPLOITPACK:302009478677A1FFCEEFA1B54E322132", "EXPLOITPACK:8E7AE717DB9D8AE0105415BFDE08CC6D", "EXPLOITPACK:99988BAE0A27143CB886C29FF1A9E24F"]}, {"type": "f5", "idList": ["F5:K04734219", "F5:K05940857", "F5:K11936401", "F5:K15325", "F5:K28418435", "F5:K37526132", "F5:K39272405", "F5:K41815723", "F5:K43451236", "F5:K49000195", "F5:K52342540", "F5:K91024405", "F5:K94700053", "SOL07538415", "SOL12824341", "SOL15168792", "SOL15325", "SOL23230229", "SOL23873366", "SOL33209124", "SOL36488941", "SOL51920288", "SOL75152412", "SOL82392041"]}, {"type": "fedora", "idList": ["FEDORA:0FE8860E4374", "FEDORA:2BE5D60BDFEF", "FEDORA:361D5605D56D", "FEDORA:399E16057156", "FEDORA:3F80D6061813", "FEDORA:4628A60C3512", "FEDORA:50E7D60F2C0C", "FEDORA:58BAF60A0C7C", "FEDORA:8DE4F613FFDF", "FEDORA:955A2608A1F0", "FEDORA:A16B6608748C", "FEDORA:B70CB604EC19", "FEDORA:CF9346049DCC", "FEDORA:DDD696087CE5", "FEDORA:E4D7E606D4FC", "FEDORA:E67696087B8D", "FEDORA:EF85D6078C05"]}, {"type": "fortinet", "idList": ["FG-IR-14-031"]}, {"type": "freebsd", "idList": ["01D729CA-1143-11E6-B55E-B499BAEBFEAF", "0CA24682-3F03-11E6-B3C8-14DAE9D210B8", "32166082-53FA-41FA-B081-207E7A989A0A", "333F655A-B93A-11E5-9EFA-5453ED2E2B49", "3679FD10-C5D1-11E5-B85F-0018FE623F2B", "61B8C359-4AAB-11E6-A7BD-14DAE9D210B8", "6F0529E2-2E82-11E6-B2EC-B499BAEBFEAF", "C4292768-5273-4F17-A267-C5FE35125CE4", "CBCEEB49-3BC7-11E6-8E82-002590263BF5", "CDA2F3C2-6C8B-11E7-867F-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201709-22", "GLSA-201802-04"]}, {"type": "github", "idList": ["GHSA-J77Q-2QQG-6989"]}, {"type": "githubexploit", "idList": ["B41082A1-4177-53E2-A74C-8ABA13AA3E86"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:ADFF11EFB87724760A3377733EE703D5"]}, {"type": "hackerone", "idList": ["H1:134880", "H1:199436", "H1:73241"]}, {"type": "hp", "idList": ["HP:C05507350"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170316-01-STRUTS2", "HUAWEI-SA-20170503-01-OPENSSL", "HUAWEI-SA-20170712-01-INTEL"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "0C850FECD02720FE8E127F730E7172757B14E40919BABE4F7D431689A5B199DB", "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "12D9F191717460AECB934B007F4CDE9698A96A4B8B98144C3F39DD87E57929EA", "160974CCBC12FDC44262159FC9737359086DF0317D260FA132DE5D77C6CF279E", "173149C2862A76C3B05901A2E9C6C47516A51FB293E9B22E259A50A96D934C7C", "1CDDAF9A5BDC499624F48C6A4A87E60ABBC6A591C8C97B4DDE9A84AF6CC390F8", "27B8E9FC98BA91ABC2C10006CF43B0739BDA7A3213E6F5DEF3851A7D59959B97", "2F35E2DCF5381942547832B4E8BA479A4689FC1FBB9AE66EECD61ED3FA34CEA8", "356FE57EA65A13321D1E838C9735B06928F0572E0C6AB0955DE122FCE0F71789", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "448B36431D70C2FF876FBEC8D7CD3B51B5042A64B4AF7EEA7903D392CD01A757", "4A5BA6F806D70D220D317E2FD1565C67DD9D79F0CCCC6F2EE1DF9D7FEAB9A24F", "4E0EFF0D013B3FFE7E5660259848A887BD9155BA19EF19DA0730D3AB081E99C4", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "5732370F4F8B5D39FBC3A44413C65B26F02167FF38729A805C868D677C534946", "597C2145694DF5A917E3F9F9BD43AEC462B29FC711E770CD5D9D878B4692E6CD", "5DFB309EEACC06B61D408A7963D4B9522D38B36040304E118E4A9237BCD1B461", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "6234195C7E31959F34FEEB3A01B3AE191F8EB55B62E74A9D49559D08BB9DC38C", "7244A71B9CEBAAC6333AB6E5193FF3AAF53E81390415B542DFF697EE598300A8", "74CEE8219E1D60BC6A66BBFFF067E8FF68222101E533A8C6D0FA63EFC99459E2", "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "843A643E29100FE80A1F85E4177BC532FD3AAA0F456EED8DC57146873CD867A7", "8600D4FE1C84EFD70C8C1A94E48F4DDFC42B18B82D5F8C7EE6D12E22048B63B3", "8D247B2C235E7DDFF404A002426687ED23B6813663D6055A8B3835D362D31FBB", "8DC736DE56FAB6587FE3F3374A135C46A0E7ED405164BCFB17F0C06DF2FA350A", "9196B586E37F97C5C25F9D1D875117C2D9857DDCE95D8820B77DAD6F1C216C6A", "93F376A33DAF2CAA98CBF6E0EBE1D85CAFA8457254A8255841887F4BAE5738F6", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "9FFD672388E3FD39EB2F7A51F8EA5C6593FD9BB5CBCF7E347F42124D11DA676C", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AB91AC52CDF597E93AF79DE0C8F08E926367250FBDE0DB3DAF33556D0061634A", "ABE64FFA5410F4D2BA3B07A691F59D16ACB55A9B1B3E2D89003FB7346FAD7881", "ACBA42A9F266755DB30CE35DBA1907FB61B1687AAD3415499AF5573BC67595AA", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "B2B869E92E2C0B24C8D4ECF615EFC9ECCD16AE763051DCDFC50A28156E3A511F", "B2E9977303086EC5343BD24988CF7305556A2728DFC1B6D8581FB2141DD07E6F", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "C419E4AE704DBAFD5EFD078AE673E051D209740CCE61A07F500573B347A7F595", "C5F0A3013333B48D4C08CB3D13549994F17CDBB3EA06E50A46D8068D5A06FCAC", "C6C30575B8111B1F0235943AFBFB3EFC95AC6BC7ED4517C4C9F4D899336D20C9", "C810968492FABE70B0CBF249C3674187F1C428AC5C884D1DBAAB3F0B6A3A7FC9", "C83F675C530B12620988F0C65F58B32931125E0012C4B7C771823623ECB73255", "CC1A30E8E2330D238749CFFBD49D7E9838BBE1BEFE625CE5C43D437242EE4573", "CD43CD526A0719BBAB179EE22DAA2D078CA3A822CE986AA28BE62C2D1F89F650", "D2A77E25120EBB96CE3420A715254715ACBDBA7443A8362379DA5420DBB7AF32", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F3CCE399EBF8E0219B3D30EEF7F522C3290C31BEBAFE8248755CFA8EE7793280", "F6AFA8ACEF585CD43E06DE7164EBB8240A1255197762E88CB2BA50823C840FA9", "F7862E3AFF4165C1E96904B0CC478B568FD7C29638F30D7255C5D201546C0450", "F96732014CC74E0CD212E2641AC086C0DBA609B9E2E61E3DC4259C4E401BE0FA", "FAA2B691DD1E76E786CADE53CD8A2391FDC6BE6F5B14624181F6008CE76C4E36", "FD341E9565DA038E3D3F3270185E1B7137BFC83217539B927AD2DB28B1679270", "FE0CD9D782041746DBFBA9DFD5A169C98E21DF40D5DB566AD15D9898EFE9D6E4"]}, {"type": "ics", "idList": ["ICSA-17-180-01", "ICSA-17-262-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:C40BB28F51D206C8BB23721D1ECED353", "IMPERVABLOG:DA39045C8E700086C560AAFFDBA589A6"]}, {"type": "intothesymmetry", "idList": ["INTOTHESYMMETRY:BE4DFA5E9902B1180494294571F4FA61"]}, {"type": "jvn", "idList": ["JVN:61247051"]}, {"type": "kaspersky", "idList": ["KLA10382", "KLA11074", "KLA11076"]}, {"type": "kitploit", "idList": ["KITPLOIT:1841841790447853746", "KITPLOIT:2304674796555328667", "KITPLOIT:6372579284509577146", "KITPLOIT:9079806502812490909"]}, {"type": "krebs", "idList": ["KREBS:EE70929DE902D9B233E209B73C1AD4A0"]}, {"type": "lenovo", "idList": ["LENOVO:PS500093-NOSID", "LENOVO:PS500104-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:4993027161793E66024E0B42522BB53D"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/INTEL_AMT_DIGEST_BYPASS", "MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_GHOST_SCANNER", "MSF:AUXILIARY/SCANNER/SSL/OPENSSL_CCS", "MSF:EXPLOIT/MULTI/HTTP/STRUTS2_CONTENT_TYPE_OGNL", "MSF:ILITIES/HPSMH-CVE-2014-0224/", "MSF:ILITIES/IBM-HTTP_SERVER-CVE-2017-3732/", "MSF:ILITIES/SUSE-CVE-2017-5429/", "MSF:ILITIES/SUSE-CVE-2017-5430/", "MSF:ILITIES/SUSE-CVE-2017-5433/", "MSF:ILITIES/SUSE-CVE-2017-5435/", "MSF:ILITIES/SUSE-CVE-2017-5438/", "MSF:ILITIES/SUSE-CVE-2017-5439/", "MSF:ILITIES/SUSE-CVE-2017-5440/", "MSF:ILITIES/SUSE-CVE-2017-5442/", "MSF:ILITIES/SUSE-CVE-2017-5445/", "MSF:ILITIES/SUSE-CVE-2017-5447/", "MSF:ILITIES/SUSE-CVE-2017-5464/", "MSF:ILITIES/SUSE-CVE-2017-5467/", "MSF:ILITIES/SUSE-CVE-2017-5469/", "MSF:ILITIES/UBUNTU-CVE-2017-5429/", "MSF:ILITIES/UBUNTU-CVE-2017-5434/", "MSF:ILITIES/UBUNTU-CVE-2017-5440/", "MSF:ILITIES/UBUNTU-CVE-2017-5445/", "MSF:ILITIES/UBUNTU-CVE-2017-5454/"]}, {"type": "mozilla", "idList": ["MFSA2016-36"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784024", "MYHACK58:62201784026", "MYHACK58:62201784086", "MYHACK58:62201784379", "MYHACK58:62201785941", "MYHACK58:62201890758"]}, {"type": "nessus", "idList": ["700511.PRM", "8662.PRM", "AIX_IV73319.NASL", "AIX_JAVA_JULY2017_ADVISORY.NASL", "AIX_OPENSSL_ADVISORY20.NASL", "ALA_ALAS-2014-293.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2016-667.NASL", "ALA_ALAS-2016-695.NASL", "ALA_ALAS-2017-821.NASL", "ALA_ALAS-2017-822.NASL", "ALA_ALAS-2017-860.NASL", "ALA_ALAS-2017-869.NASL", "ALA_ALAS-2017-887.NASL", "ALA_ALAS-2017-888.NASL", "APPLETV_9_2.NASL", "BLUECOAT_PROXY_SG_6_2_15_6.NASL", "BLUECOAT_PROXY_SG_6_5_4_4.NASL", "CENTOS_RHSA-2016-0370.NASL", "CENTOS_RHSA-2016-0371.NASL", "CENTOS_RHSA-2016-1137.NASL", "CENTOS_RHSA-2016-1422.NASL", "CENTOS_RHSA-2017-1789.NASL", "CENTOS_RHSA-2017-2192.NASL", "CENTOS_RHSA-2017-2424.NASL", "CISCO-SA-20140605-OPENSSL-IOSXR.NASL", "CISCO-SA-20150320-OPENSSL-IOS.NASL", "CISCO_ANYCONNECT_3_1_7021.NASL", "CISCO_JABBER_CLIENT_CSCUP23913.NASL", "CITRIX_XENSERVER_CTX212736.NASL", "DEBIAN_DLA-1043.NASL", "DEBIAN_DLA-1073.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-456.NASL", "DEBIAN_DLA-527.NASL", "DEBIAN_DLA-528.NASL", "DEBIAN_DLA-529.NASL", "DEBIAN_DLA-749.NASL", "DEBIAN_DLA-794.NASL", "DEBIAN_DSA-2504.NASL", "DEBIAN_DSA-3441.NASL", "DEBIAN_DSA-3501.NASL", "DEBIAN_DSA-3510.NASL", "DEBIAN_DSA-3524.NASL", "DEBIAN_DSA-3566.NASL", "DEBIAN_DSA-3611.NASL", "DEBIAN_DSA-3614.NASL", "DEBIAN_DSA-3842.NASL", "DEBIAN_DSA-3843.NASL", "DEBIAN_DSA-3919.NASL", "DEBIAN_DSA-3922.NASL", "DEBIAN_DSA-3944.NASL", "DEBIAN_DSA-3954.NASL", "DEBIAN_DSA-3955.NASL", "DRUPAL_8_1_7.NASL", "EULEROS_SA-2017-1150.NASL", "EULEROS_SA-2017-1151.NASL", "EULEROS_SA-2017-1207.NASL", "EULEROS_SA-2017-1208.NASL", "EULEROS_SA-2018-1302.NASL", "EULEROS_SA-2018-1303.NASL", "F5_BIGIP_SOL37526132.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2014-2418.NASL", "FEDORA_2015-10047.NASL", "FEDORA_2015-4320.NASL", "FEDORA_2015-EEFC5A6762.NASL", "FEDORA_2016-05C567DF1A.NASL", "FEDORA_2016-1411324654.NASL", "FEDORA_2016-1E39D934ED.NASL", "FEDORA_2016-1FB63E3BF3.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-5D4FC5ECC9.NASL", "FEDORA_2016-69E506E02D.NASL", "FEDORA_2016-8EB11666AA.NASL", "FEDORA_2016-9FD9BFAB9E.NASL", "FEDORA_2016-D717FDCF74.NASL", "FEDORA_2017-0E64C4C186.NASL", "FEDORA_2017-1CE2A05FF1.NASL", "FEDORA_2017-33C8085C5D.NASL", "FEDORA_2017-5261BA4605.NASL", "FEDORA_2017-661DDDC462.NASL", "FEDORA_2017-7C039552FA.NASL", "FEDORA_2017-9899ABA20E.NASL", "FEDORA_2017-CC0E0DAF0F.NASL", "FEDORA_2017-D5AA7C77D6.NASL", "FEDORA_2017-EE93493BEA.NASL", "FORTINET_FG-IR-14-018.NASL", "FREEBSD_PKG_01D729CA114311E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_0CA246823F0311E6B3C814DAE9D210B8.NASL", "FREEBSD_PKG_3216608253FA41FAB081207E7A989A0A.NASL", "FREEBSD_PKG_61B8C3594AAB11E6A7BD14DAE9D210B8.NASL", "FREEBSD_PKG_67B3FEF22BEA11E586FF14DAE9D210B8.NASL", "FREEBSD_PKG_6F0529E22E8211E6B2ECB499BAEBFEAF.NASL", "FREEBSD_PKG_C429276852734F17A267C5FE35125CE4.NASL", "FREEBSD_PKG_CBCEEB493BC711E68E82002590263BF5.NASL", "FREEBSD_PKG_CDA2F3C26C8B11E7867FB499BAEBFEAF.NASL", "FREEBSD_PKG_D455708AE3D311E69940B499BAEBFEAF.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201709-22.NASL", "GENTOO_GLSA-201802-04.NASL", "HPSMH_7_3_3_1.NASL", "HPSMH_7_5_5.NASL", "IBM_TEM_9_1_1117_0.NASL", "INTEL_SA_00075.NASL", "JBOSS_JAVA_SERIALIZE.NASL", "LIBREOFFICE_423.NASL", "MACOSX_FIREFOX_47.NASL", "MACOSX_SECUPD2015-005.NASL", "MACOSX_VMWARE_OVFTOOL_VMSA_2014_0006.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MCAFEE_FIREWALL_ENTERPRISE_SB10102.NASL", "MOZILLA_FIREFOX_38_7_ESR.NASL", "MOZILLA_FIREFOX_45.NASL", "MOZILLA_FIREFOX_47.NASL", "MYSQL_5_5_57_RPM.NASL", "MYSQL_5_6_31.NASL", "MYSQL_5_6_31_RPM.NASL", "MYSQL_5_6_37_RPM.NASL", "MYSQL_5_7_13.NASL", "MYSQL_5_7_13_RPM.NASL", "MYSQL_5_7_17_RPM.NASL", "MYSQL_5_7_19_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_6_7959.NASL", "OPENSSL_1_0_0M.NASL", "OPENSSL_1_0_2E.NASL", "OPENSUSE-2015-139.NASL", "OPENSUSE-2016-332.NASL", "OPENSUSE-2016-334.NASL", "OPENSUSE-2016-561.NASL", "OPENSUSE-2016-562.NASL", "OPENSUSE-2016-564.NASL", "OPENSUSE-2016-575.NASL", "OPENSUSE-2016-704.NASL", "OPENSUSE-2016-714.NASL", "OPENSUSE-2017-866.NASL", "OPENSUSE-2017-954.NASL", "OPENSUSE-2018-14.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2015-1330.NASL", "ORACLELINUX_ELSA-2015-2522.NASL", "ORACLELINUX_ELSA-2016-0370.NASL", "ORACLELINUX_ELSA-2016-0371.NASL", "ORACLELINUX_ELSA-2016-1137.NASL", "ORACLELINUX_ELSA-2016-1421.NASL", "ORACLELINUX_ELSA-2016-1422.NASL", "ORACLELINUX_ELSA-2016-2045.NASL", "ORACLELINUX_ELSA-2016-3576.NASL", "ORACLELINUX_ELSA-2017-1789.NASL", "ORACLELINUX_ELSA-2017-2424.NASL", "ORACLELINUX_ELSA-2018-2123.NASL", "ORACLEVM_OVMSA-2016-0034.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2015.NASL", "ORACLE_EIDS_CPU_OCT_2014.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JROCKIT_CPU_JUL_2017.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2017.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2014_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2021.NASL", "PALO_ALTO_PAN-SA-2014-0003.NASL", "PHP_5_5_22.NASL", "PHP_5_6_6.NASL", "PIVOTAL_WEBSERVER_5_4_1.NASL", "REDHAT-RHSA-2014-0679.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2015-0099.NASL", "REDHAT-RHSA-2016-0370.NASL", "REDHAT-RHSA-2016-0371.NASL", "REDHAT-RHSA-2016-1137.NASL", "REDHAT-RHSA-2016-1421.NASL", "REDHAT-RHSA-2016-1422.NASL", "REDHAT-RHSA-2016-1635.NASL", "REDHAT-RHSA-2016-2599.NASL", "REDHAT-RHSA-2017-1216.NASL", "REDHAT-RHSA-2017-1789.NASL", "REDHAT-RHSA-2017-1790.NASL", "REDHAT-RHSA-2017-1791.NASL", "REDHAT-RHSA-2017-1792.NASL", "REDHAT-RHSA-2017-2192.NASL", "REDHAT-RHSA-2017-2424.NASL", "REDHAT-RHSA-2017-2469.NASL", "REDHAT-RHSA-2017-2481.NASL", "REDHAT-RHSA-2017-2530.NASL", "REDHAT-RHSA-2018-2575.NASL", "SLACKWARE_SSA_2016-124-01.NASL", "SLACKWARE_SSA_2017-251-02.NASL", "SL_20150324_OPENSSL_ON_SL7_X.NASL", "SL_20160309_NSS_ON_SL5_X.NASL", "SL_20160309_NSS_UTIL_ON_SL6_X.NASL", "SL_20160531_OPENSSL_ON_SL5_X.NASL", "SL_20160718_HTTPD_ON_SL5_X.NASL", "SL_20160718_HTTPD_ON_SL7_X.NASL", "SL_20170720_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20170807_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20170817_GROOVY_ON_SL7_X.NASL", "SL_20180703_PYTHON_ON_SL7_X.NASL", "SOLARIS10_147673.NASL", "SOLARIS10_X86_147674.NASL", "SOLARIS10_X86_150401-50.NASL", "SOLARIS_JUL2017_SRU11_3_0_0_0.NASL", "SOLARIS_JUL2017_SRU11_3_20_6_0.NASL", "SOLARIS_JUL2017_SRU11_3_21_5_0.NASL", "SOLARIS_JUL2017_SRU11_3_22_3_0.NASL", "SOLARIS_JUL2017_SRU11_3_2_4_0.NASL", "SPLUNK_5011.NASL", "SPLUNK_618.NASL", "SPLUNK_625.NASL", "SSL_MEDIUM_SUPPORTED_CIPHERS.NASL", "STRUTS_2_5_10_1_WIN_LOCAL.NASL", "SUSE_11_JAVA-1_6_0-IBM-141119.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_SU-2015-1181-2.NASL", "SUSE_SU-2015-1184-2.NASL", "SUSE_SU-2016-0727-1.NASL", "SUSE_SU-2016-0777-1.NASL", "SUSE_SU-2016-1228-1.NASL", "SUSE_SU-2016-1233-1.NASL", "SUSE_SU-2016-1360-1.NASL", "SUSE_SU-2017-0346-1.NASL", "SUSE_SU-2017-0460-1.NASL", "SUSE_SU-2017-0726-1.NASL", "SUSE_SU-2017-0839-1.NASL", "SUSE_SU-2017-2175-1.NASL", "SUSE_SU-2017-2263-1.NASL", "SUSE_SU-2017-2280-1.NASL", "SUSE_SU-2017-2281-1.NASL", "SUSE_SU-2017-2290-1.NASL", "TENABLE_OT_SIEMENS_CVE-2014-0224.NASL", "UBUNTU_USN-2878-1.NASL", "UBUNTU_USN-2917-1.NASL", "UBUNTU_USN-2924-1.NASL", "UBUNTU_USN-2959-1.NASL", "UBUNTU_USN-2993-1.NASL", "UBUNTU_USN-3027-1.NASL", "UBUNTU_USN-3029-1.NASL", "UBUNTU_USN-3038-1.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-3270-1.NASL", "UBUNTU_USN-3357-1.NASL", "UBUNTU_USN-3366-1.NASL", "UBUNTU_USN-3366-2.NASL", "UBUNTU_USN-3396-1.NASL", "UBUNTU_USN-3519-1.NASL", "VIRTUALBOX_5_0_22.NASL", "VIRTUALBOX_5_1_24.NASL", "VMWARE_ESXI_5_5_BUILD_1881737_REMOTE.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_WORKSTATION_LINUX_10_0_3.NASL", "VSPHERE_CLIENT_VMSA_2014-0006.NASL", "WEBSPHERE_8_5_5_4.NASL", "XEROX_XRX15AJ.NASL", "XEROX_XRX15R.NASL"]}, {"type": "nmap", "idList": ["NMAP:SSLV2-DROWN.NSE"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2014-0224", "OPENSSL:CVE-2015-1788", "OPENSSL:CVE-2016-2180"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105043", "OPENVAS:1361412562310105158", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310105202", "OPENVAS:1361412562310105679", "OPENVAS:1361412562310105828", "OPENVAS:1361412562310106640", "OPENVAS:1361412562310106646", "OPENVAS:1361412562310106647", "OPENVAS:1361412562310106652", "OPENVAS:1361412562310106653", "OPENVAS:1361412562310106736", "OPENVAS:1361412562310106828", "OPENVAS:1361412562310108372", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120651", "OPENVAS:1361412562310120717", "OPENVAS:1361412562310121379", "OPENVAS:1361412562310123099", "OPENVAS:1361412562310131170", "OPENVAS:1361412562310131177", "OPENVAS:1361412562310140168", "OPENVAS:1361412562310140190", "OPENVAS:1361412562310140229", "OPENVAS:1361412562310703944", "OPENVAS:1361412562310703954", "OPENVAS:1361412562310703955", "OPENVAS:1361412562310806675", "OPENVAS:1361412562310806731", "OPENVAS:1361412562310807351", "OPENVAS:1361412562310809062", "OPENVAS:1361412562310810542", "OPENVAS:1361412562310810762", "OPENVAS:1361412562310810763", "OPENVAS:1361412562310810766", "OPENVAS:1361412562310810767", "OPENVAS:1361412562310810996", "OPENVAS:1361412562310810997", "OPENVAS:1361412562310811241", "OPENVAS:1361412562310811242", "OPENVAS:1361412562310811243", "OPENVAS:1361412562310811245", "OPENVAS:1361412562310811246", "OPENVAS:1361412562310811247", "OPENVAS:1361412562310811248", "OPENVAS:1361412562310811249", "OPENVAS:1361412562310811250", "OPENVAS:1361412562310811430", "OPENVAS:1361412562310811431", "OPENVAS:1361412562310811432", "OPENVAS:1361412562310811433", "OPENVAS:1361412562310811434", "OPENVAS:1361412562310811435", "OPENVAS:1361412562310811436", "OPENVAS:1361412562310811437", "OPENVAS:1361412562310811438", "OPENVAS:1361412562310811439", "OPENVAS:1361412562310811440", "OPENVAS:1361412562310811441", "OPENVAS:1361412562310811529", "OPENVAS:1361412562310811530", "OPENVAS:1361412562310811531", "OPENVAS:1361412562310811532", "OPENVAS:1361412562310841867", "OPENVAS:1361412562310841933", "OPENVAS:1361412562310842729", "OPENVAS:1361412562310843171", "OPENVAS:1361412562310843246", "OPENVAS:1361412562310843258", "OPENVAS:1361412562310843265", "OPENVAS:1361412562310843292", "OPENVAS:1361412562310843603", "OPENVAS:1361412562310850910", "OPENVAS:1361412562310851553", "OPENVAS:1361412562310867505", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310869959", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310871520", "OPENVAS:1361412562310871663", "OPENVAS:1361412562310871845", "OPENVAS:1361412562310871876", "OPENVAS:1361412562310872286", "OPENVAS:1361412562310872299", "OPENVAS:1361412562310872623", "OPENVAS:1361412562310872624", "OPENVAS:1361412562310873242", "OPENVAS:1361412562310873246", "OPENVAS:1361412562310873283", "OPENVAS:1361412562310873286", "OPENVAS:1361412562310881946", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882106", "OPENVAS:1361412562310882340", "OPENVAS:1361412562310882412", "OPENVAS:1361412562310882486", "OPENVAS:1361412562310882754", "OPENVAS:1361412562310882756", "OPENVAS:1361412562310882758", "OPENVAS:1361412562310890924", "OPENVAS:1361412562310891043", "OPENVAS:1361412562310891073", "OPENVAS:1361412562311220161030", "OPENVAS:1361412562311220201774", "OPENVAS:703609", "OPENVAS:703842", "OPENVAS:703843", "OPENVAS:703919", "OPENVAS:703922"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000007"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUJAN2016", "ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0625", "ELSA-2014-1652", "ELSA-2015-0085", "ELSA-2015-1695", "ELSA-2015-2521", "ELSA-2015-2522", "ELSA-2015-2671", "ELSA-2016-0370", "ELSA-2016-0371", "ELSA-2016-1421", "ELSA-2016-1422", "ELSA-2017-1789", "ELSA-2017-1809", "ELSA-2017-2424", "ELSA-2017-2486"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136649", "PACKETSTORM:141576", "PACKETSTORM:141630", "PACKETSTORM:143441", "PACKETSTORM:143452", "PACKETSTORM:146437", "PACKETSTORM:153278"]}, {"type": "paloalto", "idList": ["PAN-SA-2017-0012"]}, {"type": "pentestit", "idList": ["PENTESTIT:C47AA6D1808026ACA45B1AD1CF25CA3B"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:110CC96D8440CC2A1EA0521D300634ED"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "rapid7community", "idList": ["RAPID7COMMUNITY:078B46BBA3057CDE37845D48479CC3DD", "RAPID7COMMUNITY:3E2118D4B45B40AADFB608DCC53EA3E8"]}, {"type": "redhat", "idList": ["RHSA-2014:1652", "RHSA-2015:0069", "RHSA-2015:2500", "RHSA-2015:2517", "RHSA-2015:2521", "RHSA-2015:2522", "RHSA-2015:2523", "RHSA-2015:2534", "RHSA-2015:2535", "RHSA-2015:2536", "RHSA-2015:2671", "RHSA-2016:0123", "RHSA-2016:0371", "RHSA-2016:0445", "RHSA-2016:1137", "RHSA-2016:1636", "RHSA-2017:0868", "RHSA-2017:1790", "RHSA-2017:2493", "RHSA-2017:2787", "RHSA-2017:3113", "RHSA-2018:2568", "RHSA-2021:0308"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-2105", "RH:CVE-2016-6814", "RH:CVE-2017-10074", "RH:CVE-2017-10078", "RH:CVE-2017-10081", "RH:CVE-2017-10086", "RH:CVE-2017-10087", "RH:CVE-2017-10089", "RH:CVE-2017-10090", "RH:CVE-2017-10096", "RH:CVE-2017-10101", "RH:CVE-2017-10105", "RH:CVE-2017-10109", "RH:CVE-2017-10111", "RH:CVE-2017-10114", "RH:CVE-2017-10118", "RH:CVE-2017-10125", "RH:CVE-2017-10135", "RH:CVE-2017-10176", "RH:CVE-2017-10193", "RH:CVE-2017-10198", "RH:CVE-2017-3529", "RH:CVE-2017-3633", "RH:CVE-2017-3634", "RH:CVE-2017-3635", "RH:CVE-2017-3636", "RH:CVE-2017-3637", "RH:CVE-2017-3638", "RH:CVE-2017-3639", "RH:CVE-2017-3640", "RH:CVE-2017-3641", "RH:CVE-2017-3642", "RH:CVE-2017-3643", "RH:CVE-2017-3644", "RH:CVE-2017-3645", "RH:CVE-2017-3646", "RH:CVE-2017-3647", "RH:CVE-2017-3648", "RH:CVE-2017-3649", "RH:CVE-2017-3650", "RH:CVE-2017-3651", "RH:CVE-2017-3652", "RH:CVE-2017-3653", "RH:CVE-2017-5638", "RH:CVE-2017-5647", "RH:CVE-2017-5650", "RH:CVE-2017-5651"]}, {"type": "saint", "idList": ["SAINT:01D1CBFEFCD799FC1DCF4DD30F44F248", "SAINT:966010900F7632E797C552D31C2BB53A"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31790", "SECURITYVULNS:VULN:13594", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14297", "SECURITYVULNS:VULN:14333", "SECURITYVULNS:VULN:14697"]}, {"type": "seebug", "idList": ["SSV:92746", "SSV:92804", "SSV:96330"]}, {"type": "slackware", "idList": ["SSA-2017-251-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1139-1", "OPENSUSE-SU-2016:1237-1", "OPENSUSE-SU-2016:1238-1", "OPENSUSE-SU-2016:1240-1", "OPENSUSE-SU-2016:1242-1", "OPENSUSE-SU-2016:1243-1", "OPENSUSE-SU-2016:1552-1", "OPENSUSE-SU-2016:1557-1", "OPENSUSE-SU-2018:0042-1", "SUSE-SU-2014:0761-1", "SUSE-SU-2015:0344-1", "SUSE-SU-2015:0946-1", "SUSE-SU-2015:1181-2", "SUSE-SU-2015:1182-2", "SUSE-SU-2015:1183-2", "SUSE-SU-2016:1206-1", "SUSE-SU-2016:1228-1", "SUSE-SU-2016:1231-1", "SUSE-SU-2016:1233-1", "SUSE-SU-2016:1459-1", "SUSE-SU-2016:1691-1", "SUSE-SU-2016:1799-1", "SUSE-SU-2017:1229-1", "SUSE-SU-2017:1444-1", "SUSE-SU-2017:2175-1", "SUSE-SU-2017:2263-1", "SUSE-SU-2017:2280-1", "SUSE-SU-2017:2281-1"]}, {"type": "symantec", "idList": ["SMNTC-1338", "SMNTC-1395", "SMNTC-1419"]}, {"type": "talosblog", "idList": ["TALOSBLOG:DB8F26399F12B0F9B9309365CB42D9BB"]}, {"type": "thn", "idList": ["THN:2707247140A4F620671B33D68FEB1EA9", "THN:3F47D7B66C8A65AB31FAC5823C96C34D", "THN:6C0E5E35ABB362C8EA341381B3DD76D6", "THN:7FD924637D99697D78D53283817508DA", "THN:A649F4ABCE9B99052139693A13D95B14", "THN:ACBFC80659E47A5B7C81B99570749679", "THN:ACD3479531482E2CA5A8E15EB6B47523", "THN:B2CD802394694AA17ECB051A9D9C7CB6", "THN:BA4BC453AFA67B10DA346CBD7A9928A0", "THN:D2B91981A95FA63440BEC1909D1FAE82"]}, {"type": "threatpost", "idList": ["THREATPOST:0308A7143D92E14583CCD684912ABD67", "THREATPOST:477B6029652B76463B5C5B7155CDF736", "THREATPOST:54145B143BF11C716167531924DBD4F1", "THREATPOST:5E633FD1C6A5B5BB74F1B6A8399001A2", "THREATPOST:7DFB677F72D6258B3CDEE746C764E29E", "THREATPOST:7E66A86C86BE8481D1B905B183CA42C3", "THREATPOST:89E329CF5B9C721F7BEBBBA5985778E3", "THREATPOST:9E84C27A33C751DE6ECC9BAAF9C0F19B", "THREATPOST:A5161FD8579FC8D6BD28F429682A17F9", "THREATPOST:AD5395CA5B3FD95FAD8E67B675D0AFCA", "THREATPOST:CD1CBFA154DFAA1F3DC0E2E5CFA58D0A", "THREATPOST:D4706357F1ED015BC0C89123865AF61A", "THREATPOST:D70CED5C745CA3779F2D02FBB6DBA717", "THREATPOST:FC5665486C9D63E5C0C242F47F66ACF1", "THREATPOST:FE6D79C321BADEB83B8739FA73B416CF"]}, {"type": "tomcat", "idList": ["TOMCAT:83EBFA4095E1BC19531C4F80F79B499B", "TOMCAT:DA27CFA745026609962C185F86E4D285", "TOMCAT:DB1F1FE6D60B303FBCEB1A98F0CAE318"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28", "TRENDMICROBLOG:5DA0AA0203F450ED9FF0CB21A89017BB"]}, {"type": "typo3", "idList": ["TYPO3-EXT-SA-2018-005"]}, {"type": "ubuntu", "idList": ["USN-2232-1", "USN-2232-2", "USN-2232-3", "USN-2232-4", "USN-2917-2", "USN-3194-1", "USN-3357-1", "USN-3357-2", "USN-3366-2", "USN-3519-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1791", "UB:CVE-2016-1979", "UB:CVE-2016-6814", "UB:CVE-2017-10053", "UB:CVE-2017-10067", "UB:CVE-2017-10074", "UB:CVE-2017-10078", "UB:CVE-2017-10081", "UB:CVE-2017-10086", "UB:CVE-2017-10087", "UB:CVE-2017-10089", "UB:CVE-2017-10090", "UB:CVE-2017-10096", "UB:CVE-2017-10101", "UB:CVE-2017-10102", "UB:CVE-2017-10105", "UB:CVE-2017-10107", "UB:CVE-2017-10108", "UB:CVE-2017-10109", "UB:CVE-2017-10110", "UB:CVE-2017-10111", "UB:CVE-2017-10114", "UB:CVE-2017-10115", "UB:CVE-2017-10116", "UB:CVE-2017-10118", "UB:CVE-2017-10129", "UB:CVE-2017-10135", "UB:CVE-2017-10176", "UB:CVE-2017-10187", "UB:CVE-2017-10193", "UB:CVE-2017-10198", "UB:CVE-2017-10204", "UB:CVE-2017-10209", "UB:CVE-2017-10210", "UB:CVE-2017-10233", "UB:CVE-2017-10235", "UB:CVE-2017-10236", "UB:CVE-2017-10237", "UB:CVE-2017-10238", "UB:CVE-2017-10239", "UB:CVE-2017-10240", "UB:CVE-2017-10241", "UB:CVE-2017-10242", "UB:CVE-2017-10243", "UB:CVE-2017-3529", "UB:CVE-2017-3633", "UB:CVE-2017-3634", "UB:CVE-2017-3635", "UB:CVE-2017-3636", "UB:CVE-2017-3637", "UB:CVE-2017-3638", "UB:CVE-2017-3639", "UB:CVE-2017-3640", "UB:CVE-2017-3641", "UB:CVE-2017-3642", "UB:CVE-2017-3643", "UB:CVE-2017-3644", "UB:CVE-2017-3645", "UB:CVE-2017-3646", "UB:CVE-2017-3647", "UB:CVE-2017-3648", "UB:CVE-2017-3649", "UB:CVE-2017-3650", "UB:CVE-2017-3651", "UB:CVE-2017-3652", "UB:CVE-2017-3653", "UB:CVE-2017-3731", "UB:CVE-2017-5647", "UB:CVE-2017-5650", "UB:CVE-2017-5651"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2015-0001.2"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:1430"]}, {"type": "zdi", "idList": ["ZDI-17-044"]}, {"type": "zdt", "idList": ["1337DAY-ID-25234", "1337DAY-ID-27332", "1337DAY-ID-27967", "1337DAY-ID-28405", "1337DAY-ID-28745", "1337DAY-ID-29361"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2011-2730", "epss": "0.021750000", "percentile": "0.875970000", "modified": "2023-03-19"}, {"cve": "CVE-2013-2027", "epss": "0.000420000", "percentile": "0.056360000", "modified": "2023-03-19"}, {"cve": "CVE-2014-0224", "epss": "0.975390000", "percentile": "0.999840000", "modified": "2023-03-19"}, {"cve": "CVE-2014-1912", "epss": "0.363720000", "percentile": "0.965010000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3566", "epss": "0.975070000", "percentile": "0.999610000", "modified": "2023-03-19"}, {"cve": "CVE-2014-3571", "epss": "0.809750000", "percentile": "0.977570000", "modified": "2023-03-19"}, {"cve": "CVE-2015-0235", "epss": "0.974950000", "percentile": "0.999510000", "modified": "2023-03-19"}, {"cve": "CVE-2015-0254", "epss": "0.054340000", "percentile": "0.919490000", "modified": "2023-03-19"}, {"cve": "CVE-2015-0286", "epss": "0.957700000", "percentile": "0.990230000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1788", "epss": "0.562990000", "percentile": "0.971040000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1789", "epss": "0.346210000", "percentile": "0.964090000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1790", "epss": "0.424730000", "percentile": "0.967110000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1791", "epss": "0.330470000", "percentile": "0.963450000", "modified": "2023-03-19"}, {"cve": "CVE-2015-1792", "epss": "0.634140000", "percentile": "0.972540000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3195", "epss": "0.006110000", "percentile": "0.754120000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3197", "epss": "0.003070000", "percentile": "0.651750000", "modified": "2023-03-19"}, {"cve": "CVE-2015-3253", "epss": "0.014080000", "percentile": "0.844230000", "modified": "2023-03-19"}, {"cve": "CVE-2015-5254", "epss": "0.038590000", "percentile": "0.905140000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7501", "epss": "0.013000000", "percentile": "0.837680000", "modified": "2023-03-19"}, {"cve": "CVE-2015-7940", "epss": "0.002600000", "percentile": "0.619730000", "modified": "2023-03-19"}, {"cve": "CVE-2015-8607", "epss": "0.009170000", "percentile": "0.804660000", "modified": "2023-03-19"}, {"cve": "CVE-2015-8608", "epss": "0.050120000", "percentile": "0.916110000", "modified": "2023-03-20"}, {"cve": "CVE-2016-0635", "epss": "0.002860000", "percentile": "0.638560000", "modified": "2023-03-20"}, {"cve": "CVE-2016-1181", "epss": "0.022080000", "percentile": "0.876950000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1950", "epss": "0.005440000", "percentile": "0.738710000", "modified": "2023-03-19"}, {"cve": "CVE-2016-1979", "epss": "0.027570000", "percentile": "0.889370000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2105", "epss": "0.048080000", "percentile": "0.914350000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2106", "epss": "0.075810000", "percentile": "0.930850000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2107", "epss": "0.974000000", "percentile": "0.998350000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2108", "epss": "0.914900000", "percentile": "0.983050000", "modified": "2023-03-20"}, {"cve": "CVE-2016-2109", "epss": "0.165770000", "percentile": "0.951480000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2177", "epss": "0.014010000", "percentile": "0.843810000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2178", "epss": "0.000460000", "percentile": "0.139800000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2179", "epss": "0.022460000", "percentile": "0.878050000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2180", "epss": "0.009990000", "percentile": "0.813090000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2181", "epss": "0.031540000", "percentile": "0.895960000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2182", "epss": "0.035030000", "percentile": "0.900700000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2183", "epss": "0.004390000", "percentile": "0.708120000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2381", "epss": "0.004370000", "percentile": "0.707530000", "modified": "2023-03-19"}, {"cve": "CVE-2016-2834", "epss": "0.008520000", "percentile": "0.796820000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3092", "epss": "0.013670000", "percentile": "0.841810000", "modified": "2023-03-19"}, {"cve": "CVE-2016-3506", "epss": "0.008150000", "percentile": "0.792040000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4430", "epss": "0.004140000", "percentile": "0.699780000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4431", "epss": "0.009140000", "percentile": "0.804240000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4433", "epss": "0.005890000", "percentile": "0.749140000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4436", "epss": "0.023650000", "percentile": "0.881260000", "modified": "2023-03-19"}, {"cve": "CVE-2016-4438", "epss": "0.059480000", "percentile": "0.922870000", "modified": "2023-03-20"}, {"cve": "CVE-2016-4465", "epss": "0.959000000", "percentile": "0.990690000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5019", "epss": "0.006210000", "percentile": "0.756120000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5385", "epss": "0.947490000", "percentile": "0.987600000", "modified": "2023-03-19"}, {"cve": "CVE-2016-5386", "epss": "0.736010000", "percentile": "0.975310000", "modified": "2023-03-19"}, {"cve": "CVE-2016-5387", "epss": "0.970260000", "percentile": "0.995530000", "modified": "2023-03-19"}, {"cve": "CVE-2016-5388", "epss": "0.948220000", "percentile": "0.987770000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6302", "epss": "0.015160000", "percentile": "0.849570000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6303", "epss": "0.015530000", "percentile": "0.851420000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6304", "epss": "0.323680000", "percentile": "0.963130000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6305", "epss": "0.038540000", "percentile": "0.905080000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6306", "epss": "0.042610000", "percentile": "0.909500000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6307", "epss": "0.064600000", "percentile": "0.925680000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6308", "epss": "0.068950000", "percentile": "0.928020000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6309", "epss": "0.928660000", "percentile": "0.984430000", "modified": "2023-03-19"}, {"cve": "CVE-2016-6814", "epss": "0.020390000", "percentile": "0.871750000", "modified": "2023-03-19"}, {"cve": "CVE-2016-7052", "epss": "0.032350000", "percentile": "0.897020000", "modified": "2023-03-19"}, {"cve": "CVE-2016-7055", "epss": "0.010660000", "percentile": "0.819460000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10000", "epss": "0.000590000", "percentile": "0.228770000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10001", "epss": "0.000880000", "percentile": "0.361730000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10002", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10003", "epss": "0.000480000", "percentile": "0.145240000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10004", "epss": "0.000450000", "percentile": "0.122820000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10005", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10006", "epss": "0.000830000", "percentile": "0.335880000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10007", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10008", "epss": "0.000540000", "percentile": "0.198120000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10009", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10010", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10011", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10012", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10013", "epss": "0.001890000", "percentile": "0.547060000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10015", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10016", "epss": "0.001890000", "percentile": "0.547060000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10017", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10018", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10019", "epss": "0.001550000", "percentile": "0.500960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10020", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10021", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10022", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10023", "epss": "0.001020000", "percentile": "0.403340000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10024", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10025", "epss": "0.001930000", "percentile": "0.553780000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10027", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10028", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10029", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10030", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10031", "epss": "0.001640000", "percentile": "0.513380000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10032", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10035", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10036", "epss": "0.001690000", "percentile": "0.521870000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10038", "epss": "0.001020000", "percentile": "0.403340000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10039", "epss": "0.001060000", "percentile": "0.416240000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10040", "epss": "0.002120000", "percentile": "0.574690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10041", "epss": "0.001200000", "percentile": "0.444490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10042", "epss": "0.001690000", "percentile": "0.521870000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10043", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10044", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10045", "epss": "0.001550000", "percentile": "0.500960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10046", "epss": "0.005260000", "percentile": "0.733980000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10047", "epss": "0.001640000", "percentile": "0.513380000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10048", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10049", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10052", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10053", "epss": "0.002680000", "percentile": "0.626260000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10056", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10057", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10058", "epss": "0.000830000", "percentile": "0.335880000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10059", "epss": "0.001200000", "percentile": "0.444490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10061", "epss": "0.003130000", "percentile": "0.654840000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10062", "epss": "0.000480000", "percentile": "0.145240000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10063", "epss": "0.001560000", "percentile": "0.502510000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10064", "epss": "0.000750000", "percentile": "0.303410000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10067", "epss": "0.002190000", "percentile": "0.581270000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10069", "epss": "0.001020000", "percentile": "0.403340000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10070", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10071", "epss": "0.001780000", "percentile": "0.532850000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10072", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10073", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10074", "epss": "0.004150000", "percentile": "0.700500000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10075", "epss": "0.004870000", "percentile": "0.723000000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10076", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10078", "epss": "0.002280000", "percentile": "0.592170000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10079", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10080", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10081", "epss": "0.002820000", "percentile": "0.635730000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10082", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10083", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10084", "epss": "0.001080000", "percentile": "0.420610000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10085", "epss": "0.001150000", "percentile": "0.436790000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10086", "epss": "0.002790000", "percentile": "0.634370000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10087", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10088", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10089", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10090", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10091", "epss": "0.000830000", "percentile": "0.335880000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10092", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10093", "epss": "0.001540000", "percentile": "0.498870000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10094", "epss": "0.000840000", "percentile": "0.340900000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10095", "epss": "0.001000000", "percentile": "0.397340000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10096", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10097", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10098", "epss": "0.000890000", "percentile": "0.362800000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10100", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10101", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10102", "epss": "0.002030000", "percentile": "0.565050000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10103", "epss": "0.001080000", "percentile": "0.420610000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10104", "epss": "0.001260000", "percentile": "0.454560000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10105", "epss": "0.002670000", "percentile": "0.625100000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10106", "epss": "0.001750000", "percentile": "0.529040000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10107", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10108", "epss": "0.001710000", "percentile": "0.524300000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10109", "epss": "0.001710000", "percentile": "0.524300000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10110", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10111", "epss": "0.002790000", "percentile": "0.634370000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10112", "epss": "0.001460000", "percentile": "0.488480000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10113", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10114", "epss": "0.001970000", "percentile": "0.558300000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10115", "epss": "0.002010000", "percentile": "0.563150000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10116", "epss": "0.002320000", "percentile": "0.595470000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10117", "epss": "0.002840000", "percentile": "0.637450000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10118", "epss": "0.001970000", "percentile": "0.558830000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10119", "epss": "0.001200000", "percentile": "0.445980000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10120", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10121", "epss": "0.002610000", "percentile": "0.620660000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10122", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10123", "epss": "0.000710000", "percentile": "0.286660000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10125", "epss": "0.001460000", "percentile": "0.488310000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10126", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10128", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10129", "epss": "0.000690000", "percentile": "0.279720000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10130", "epss": "0.001200000", "percentile": "0.444490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10131", "epss": "0.000860000", "percentile": "0.348080000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10132", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10133", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10134", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10135", "epss": "0.002010000", "percentile": "0.563150000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10136", "epss": "0.001430000", "percentile": "0.483650000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10137", "epss": "0.005320000", "percentile": "0.735470000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10141", "epss": "0.001910000", "percentile": "0.548610000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10142", "epss": "0.000890000", "percentile": "0.362800000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10143", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10144", "epss": "0.001690000", "percentile": "0.521870000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10145", "epss": "0.001260000", "percentile": "0.454560000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10146", "epss": "0.002740000", "percentile": "0.630450000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10147", "epss": "0.003170000", "percentile": "0.657030000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10148", "epss": "0.002610000", "percentile": "0.620990000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10149", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10150", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10156", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10157", "epss": "0.001640000", "percentile": "0.513380000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10160", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10168", "epss": "0.000480000", "percentile": "0.145240000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10169", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10170", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10171", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10172", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10173", "epss": "0.001720000", "percentile": "0.526380000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10174", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10175", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10176", "epss": "0.001970000", "percentile": "0.558830000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10177", "epss": "0.001150000", "percentile": "0.436790000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10178", "epss": "0.001730000", "percentile": "0.527520000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10179", "epss": "0.001640000", "percentile": "0.513380000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10180", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10181", "epss": "0.001000000", "percentile": "0.397440000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10182", "epss": "0.001020000", "percentile": "0.403340000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10183", "epss": "0.001580000", "percentile": "0.505830000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10184", "epss": "0.001460000", "percentile": "0.487770000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10185", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10186", "epss": "0.001460000", "percentile": "0.487770000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10187", "epss": "0.000480000", "percentile": "0.145390000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10188", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10189", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10191", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10192", "epss": "0.001460000", "percentile": "0.487770000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10193", "epss": "0.002160000", "percentile": "0.578610000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10195", "epss": "0.001780000", "percentile": "0.532850000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10196", "epss": "0.001910000", "percentile": "0.548610000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10198", "epss": "0.001890000", "percentile": "0.546950000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10199", "epss": "0.001750000", "percentile": "0.528960000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10200", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10201", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10202", "epss": "0.001960000", "percentile": "0.557960000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10204", "epss": "0.000900000", "percentile": "0.366910000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10205", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10206", "epss": "0.001580000", "percentile": "0.505830000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10207", "epss": "0.001470000", "percentile": "0.490330000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10208", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10209", "epss": "0.000480000", "percentile": "0.145390000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10210", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10211", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10212", "epss": "0.001020000", "percentile": "0.403340000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10213", "epss": "0.000920000", "percentile": "0.377820000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10214", "epss": "0.001930000", "percentile": "0.553780000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10215", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10216", "epss": "0.001020000", "percentile": "0.403340000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10217", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10218", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10219", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10220", "epss": "0.000920000", "percentile": "0.377820000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10221", "epss": "0.000480000", "percentile": "0.145240000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10222", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10223", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10224", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10225", "epss": "0.000480000", "percentile": "0.145240000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10226", "epss": "0.001150000", "percentile": "0.436790000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10228", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10229", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10230", "epss": "0.000830000", "percentile": "0.337580000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10231", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10232", "epss": "0.000810000", "percentile": "0.329450000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10233", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10234", "epss": "0.000450000", "percentile": "0.122820000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10235", "epss": "0.000510000", "percentile": "0.175780000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10236", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10237", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10238", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10239", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10240", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10241", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10242", "epss": "0.000450000", "percentile": "0.122890000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10243", "epss": "0.002150000", "percentile": "0.577920000", "modified": "2023-03-19"}, {"cve": "CVE-2017-10244", "epss": "0.001460000", "percentile": "0.487770000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10245", "epss": "0.001710000", "percentile": "0.525260000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10246", "epss": "0.009510000", "percentile": "0.808110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10247", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10248", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10249", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10250", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10251", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10252", "epss": "0.000520000", "percentile": "0.181930000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10253", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10254", "epss": "0.000740000", "percentile": "0.300110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10255", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10256", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10257", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10258", "epss": "0.001430000", "percentile": "0.484690000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3529", "epss": "0.001310000", "percentile": "0.462500000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3562", "epss": "0.001150000", "percentile": "0.436790000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3632", "epss": "0.011500000", "percentile": "0.826200000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3633", "epss": "0.004050000", "percentile": "0.696380000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3634", "epss": "0.001410000", "percentile": "0.480830000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3635", "epss": "0.001540000", "percentile": "0.498750000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3636", "epss": "0.000510000", "percentile": "0.179390000", "modified": "2023-03-19"}, {"cve": "CVE-2017-3637", "epss": "0.001310000", "percentile": "0.462500000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3638", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3639", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3640", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3641", "epss": "0.001340000", "percentile": "0.467850000", "modified": "2023-03-19"}, {"cve": "CVE-2017-3642", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3643", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3644", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3645", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3646", "epss": "0.000980000", "percentile": "0.392490000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3647", "epss": "0.000960000", "percentile": "0.387150000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3648", "epss": "0.000960000", "percentile": "0.386780000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3649", "epss": "0.000960000", "percentile": "0.387150000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3650", "epss": "0.002700000", "percentile": "0.627090000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3651", "epss": "0.002140000", "percentile": "0.576990000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3652", "epss": "0.001840000", "percentile": "0.539730000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3653", "epss": "0.001160000", "percentile": "0.438410000", "modified": "2023-03-19"}, {"cve": "CVE-2017-3731", "epss": "0.042280000", "percentile": "0.909210000", "modified": "2023-03-19"}, {"cve": "CVE-2017-3732", "epss": "0.008180000", "percentile": "0.792370000", "modified": "2023-03-19"}, {"cve": "CVE-2017-5638", "epss": "0.975380000", "percentile": "0.999830000", "modified": "2023-03-19"}, {"cve": "CVE-2017-5647", "epss": "0.004940000", "percentile": "0.725020000", "modified": "2023-03-19"}, {"cve": "CVE-2017-5650", "epss": "0.948370000", "percentile": "0.987800000", "modified": "2023-03-20"}, {"cve": "CVE-2017-5651", "epss": "0.004040000", "percentile": "0.696150000", "modified": "2023-03-20"}, {"cve": "CVE-2017-5689", "epss": "0.974600000", "percentile": "0.999120000", "modified": "2023-03-19"}], "vulnersScore": 2.1}, "affectedSoftware": [], "_state": {"dependencies": 1660012827, "score": 1684016453, "affected_software_major_version": 1666695388, "epss": 1679323282}, "_internal": {"score_hash": "0eaafa2ce4186b876ed1c56009e07571"}}

{"nessus": [{"lastseen": "2023-05-18T14:15:31", "description": "The version of Oracle E-Business installed on the remote host is missing the July 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities :\n\n - Multiple integer overflow conditions exist in the OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit this to cause a denial of service.\n (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the OpenSSL component in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the OpennSSL component in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the OpenSSL component in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the 'openssl ts' command, to cause a denial of service or to disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the OpenSSL component in the Anti-Replay feature in the DTLS implementation due to improper handling of epoch sequence numbers in records. An unauthenticated, remote attacker can exploit this, via spoofed DTLS records, to cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the OpenSSL component in the BN_bn2dec() function in bn_print.c due to improper validation of user-supplied input when handling BIGNUM values. An unauthenticated, remote attacker can exploit this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the OpenSSL component in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a 'birthday' attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session. (CVE-2016-2183)\n\n - A flaw exists in the OpenSSL component in the tls_decrypt_ticket() function in t1_lib.c due to improper handling of ticket HMAC digests. An unauthenticated, remote attacker can exploit this, via a ticket that is too short, to crash the process, resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the OpenSSL component in the MDC2_Update() function in mdc2dgst.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or possibly the execution of arbitrary code. (CVE-2016-6303)\n\n - A flaw exists in the OpenSSL component in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition. (CVE-2016-6304)\n\n - A flaw exists in the OpenSSL component in the SSL_peek() function in rec_layer_s3.c due to improper handling of empty records. An unauthenticated, remote attacker can exploit this, by triggering a zero-length record in an SSL_peek call, to cause an infinite loop, resulting in a denial of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the OpenSSL component in the certificate parser that allows an unauthenticated, remote attacker to cause a denial of service via crafted certificate operations.\n (CVE-2016-6306)\n\n - A denial of service vulnerability exists in the OpenSSL component in the state-machine implementation due to a failure to check for an excessive length before allocating memory. An unauthenticated, remote attacker can exploit this, via a crafted TLS message, to exhaust memory resources. (CVE-2016-6307)\n\n - A denial of service vulnerability exists in the OpenSSL component in the DTLS implementation due to improper handling of excessively long DTLS messages. An unauthenticated, remote attacker can exploit this, via a crafted DTLS message, to exhaust available memory resources. (CVE-2016-6308)\n\n - A remote code execution vulnerability exists in the OpenSSL component in the read_state_machine() function in statem.c due to improper handling of messages larger than 16k. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to cause a use-after-free error, resulting in a denial of service condition or possibly the execution of arbitrary code.\n (CVE-2016-6309)\n\n - A denial of service vulnerability exists in the OpenSSL component in x509_vfy.c due to improper handling of certificate revocation lists (CRLs). An unauthenticated, remote attacker can exploit this, via a specially crafted CRL, to cause a NULL pointer dereference, resulting in a crash of the service. (CVE-2016-7052)\n\n - An unspecified flaw exists in the AD Utilities component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-3562)\n\n - An unspecified flaw exists in the Registration component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10112)\n\n - An unspecified flaw exists in the CRM User Management Framework component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2017-10113)\n\n - An unspecified flaw exists in the User Management component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2017-10130)\n\n - An unspecified flaw exists in the Preferences component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10143)\n\n - An unspecified flaw exists in the Oracle Diagnostics component that allows an unauthenticated, remote attacker to cause a denial of service condition.\n (CVE-2017-10144)\n\n - An unspecified flaw exists in the Wireless/WAP component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10170)\n\n - An unspecified flaw exists in the Home Page component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10171)\n\n - An unspecified flaw exists in the Service Request component that allows an unauthenticated, remote attacker to impact confidentiality and integrity.\n (CVE-2017-10174)\n\n - An unspecified flaw exists in the Profiles component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10175)\n\n - An unspecified flaw exists in the Flexfields component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10177)\n\n - An unspecified flaw exists in the Monitoring component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10179)\n\n - A cross-site scripting (XSS) vulnerability exists in the CMRO component due to improper validation of user-supplied input to multiple parameters before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-10180)\n\n - An information disclosure vulnerability exists in the Wireless/WAP component due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a directory traversal attack, to disclose arbitrary files. (CVE-2017-10184)\n\n - A cross-site scripting (XSS) vulnerability exists in the User Management component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-10185)\n\n - An information disclosure vulnerability exists in the User and Company Profile component due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a directory traversal attack, to disclose arbitrary files.\n (CVE-2017-10186)\n\n - A cross-site scripting (XSS) vulnerability exists in the Web Analytics component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-10191)\n\n - An information disclosure vulnerability exists in the Shopping Cart component due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a directory traversal attack, to disclose arbitrary files. (CVE-2017-10192)\n\n - An information disclosure vulnerability exists in the Attachments component that allows an unauthenticated, remote attacker to disclose any document stored on the system. (CVE-2017-10244)\n\n - An information disclosure vulnerability exists in the Account Hierarchy Manager component that allows an unauthenticated, remote attacker to disclose sensitive information in the DBC configuration file.\n (CVE-2017-10245)\n\n - An unspecified flaw exists in the iHelp component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10246)", "cvss3": {}, "published": "2017-07-20T00:00:00", "type": "nessus", "title": "Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-7052", "CVE-2017-10112", "CVE-2017-10113", "CVE-2017-10130", "CVE-2017-10143", "CVE-2017-10144", "CVE-2017-10170", "CVE-2017-10171", "CVE-2017-10174", "CVE-2017-10175", "CVE-2017-10177", "CVE-2017-10179", "CVE-2017-10180", "CVE-2017-10184", "CVE-2017-10185", "CVE-2017-10186", "CVE-2017-10191", "CVE-2017-10192", "CVE-2017-10244", "CVE-2017-10245", "CVE-2017-10246", "CVE-2017-3562"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:e-business_suite"], "id": "ORACLE_E-BUSINESS_CPU_JUL_2017.NASL", "href": "https://www.tenable.com/plugins/nessus/101845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101845);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-2177\",\n \"CVE-2016-2178\",\n \"CVE-2016-2179\",\n \"CVE-2016-2180\",\n \"CVE-2016-2181\",\n \"CVE-2016-2182\",\n \"CVE-2016-2183\",\n \"CVE-2016-6302\",\n \"CVE-2016-6303\",\n \"CVE-2016-6304\",\n \"CVE-2016-6305\",\n \"CVE-2016-6306\",\n \"CVE-2016-6307\",\n \"CVE-2016-6308\",\n \"CVE-2016-6309\",\n \"CVE-2016-7052\",\n \"CVE-2017-3562\",\n \"CVE-2017-10112\",\n \"CVE-2017-10113\",\n \"CVE-2017-10130\",\n \"CVE-2017-10143\",\n \"CVE-2017-10144\",\n \"CVE-2017-10170\",\n \"CVE-2017-10171\",\n \"CVE-2017-10174\",\n \"CVE-2017-10175\",\n \"CVE-2017-10177\",\n \"CVE-2017-10179\",\n \"CVE-2017-10180\",\n \"CVE-2017-10184\",\n \"CVE-2017-10185\",\n \"CVE-2017-10186\",\n \"CVE-2017-10191\",\n \"CVE-2017-10192\",\n \"CVE-2017-10244\",\n \"CVE-2017-10245\",\n \"CVE-2017-10246\"\n );\n script_bugtraq_id(\n 91081,\n 91319,\n 92117,\n 92557,\n 92628,\n 92630,\n 92982,\n 92984,\n 92987,\n 93149,\n 93150,\n 93151,\n 93152,\n 93153,\n 93171,\n 93177,\n 99625,\n 99630,\n 99633,\n 99636,\n 99639,\n 99647,\n 99655,\n 99658,\n 99663,\n 99664,\n 99672,\n 99678,\n 99685,\n 99690,\n 99693,\n 99700,\n 99702,\n 99708,\n 99713,\n 99715,\n 99717\n );\n\n script_name(english:\"Oracle E-Business Multiple Vulnerabilities (July 2017 CPU) (SWEET32)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle E-Business installed on the remote host is\nmissing the July 2017 Oracle Critical Patch Update (CPU). It is,\ntherefore, affected by the following vulnerabilities :\n\n - Multiple integer overflow conditions exist in the\n OpenSSL component in s3_srvr.c, ssl_sess.c, and t1_lib.c\n due to improper use of pointer arithmetic for\n heap-buffer boundary checks. An unauthenticated, remote\n attacker can exploit this to cause a denial of service.\n (CVE-2016-2177)\n\n - An information disclosure vulnerability exists in the\n OpenSSL component in the dsa_sign_setup() function in\n dsa_ossl.c due to a failure to properly ensure the use\n of constant-time operations. An unauthenticated, remote\n attacker can exploit this, via a timing side-channel\n attack, to disclose DSA key information. (CVE-2016-2178)\n\n - A denial of service vulnerability exists in the OpennSSL\n component in the DTLS implementation due to a failure to\n properly restrict the lifetime of queue entries\n associated with unused out-of-order messages. An\n unauthenticated, remote attacker can exploit this, by\n maintaining multiple crafted DTLS sessions\n simultaneously, to exhaust memory. (CVE-2016-2179)\n\n - An out-of-bounds read error exists in the OpenSSL\n component in the X.509 Public Key Infrastructure\n Time-Stamp Protocol (TSP) implementation. An\n unauthenticated, remote attacker can exploit this, via a\n crafted time-stamp file that is mishandled by the\n 'openssl ts' command, to cause a denial of service or to\n disclose sensitive information. (CVE-2016-2180)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the Anti-Replay feature in the DTLS\n implementation due to improper handling of epoch\n sequence numbers in records. An unauthenticated, remote\n attacker can exploit this, via spoofed DTLS records, to\n cause legitimate packets to be dropped. (CVE-2016-2181)\n\n - An overflow condition exists in the OpenSSL component in\n the BN_bn2dec() function in bn_print.c due to improper\n validation of user-supplied input when handling BIGNUM\n values. An unauthenticated, remote attacker can exploit\n this to crash the process. (CVE-2016-2182)\n\n - A vulnerability exists, known as SWEET32, in the OpenSSL\n component in the 3DES and Blowfish algorithms due to the\n use of weak 64-bit block ciphers by default. A\n man-in-the-middle attacker who has sufficient resources\n can exploit this vulnerability, via a 'birthday' attack,\n to detect a collision that leaks the XOR between the\n fixed secret and a known plaintext, allowing the\n disclosure of the secret text, such as secure HTTPS\n cookies, and possibly resulting in the hijacking of an\n authenticated session. (CVE-2016-2183)\n\n - A flaw exists in the OpenSSL component in the\n tls_decrypt_ticket() function in t1_lib.c due to\n improper handling of ticket HMAC digests. An\n unauthenticated, remote attacker can exploit this, via a\n ticket that is too short, to crash the process,\n resulting in a denial of service. (CVE-2016-6302)\n\n - An integer overflow condition exists in the OpenSSL\n component in the MDC2_Update() function in mdc2dgst.c\n due to improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this to\n cause a heap-based buffer overflow, resulting in a\n denial of service condition or possibly the execution of\n arbitrary code. (CVE-2016-6303)\n\n - A flaw exists in the OpenSSL component in the\n ssl_parse_clienthello_tlsext() function in t1_lib.c due\n to improper handling of overly large OCSP Status Request\n extensions from clients. An unauthenticated, remote\n attacker can exploit this, via large OCSP Status Request\n extensions, to exhaust memory resources, resulting in a\n denial of service condition. (CVE-2016-6304)\n\n - A flaw exists in the OpenSSL component in the SSL_peek()\n function in rec_layer_s3.c due to improper handling of\n empty records. An unauthenticated, remote attacker can\n exploit this, by triggering a zero-length record in an\n SSL_peek call, to cause an infinite loop, resulting in a\n denial of service condition. (CVE-2016-6305)\n\n - An out-of-bounds read error exists in the OpenSSL\n component in the certificate parser that allows an\n unauthenticated, remote attacker to cause a denial of\n service via crafted certificate operations.\n (CVE-2016-6306)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the state-machine implementation due to a\n failure to check for an excessive length before\n allocating memory. An unauthenticated, remote attacker\n can exploit this, via a crafted TLS message, to exhaust\n memory resources. (CVE-2016-6307)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in the DTLS implementation due to improper\n handling of excessively long DTLS messages. An\n unauthenticated, remote attacker can exploit this, via a\n crafted DTLS message, to exhaust available memory\n resources. (CVE-2016-6308)\n\n - A remote code execution vulnerability exists in the\n OpenSSL component in the read_state_machine() function\n in statem.c due to improper handling of messages larger\n than 16k. An unauthenticated, remote attacker can\n exploit this, via a specially crafted message, to cause\n a use-after-free error, resulting in a denial of service\n condition or possibly the execution of arbitrary code.\n (CVE-2016-6309)\n\n - A denial of service vulnerability exists in the OpenSSL\n component in x509_vfy.c due to improper handling of\n certificate revocation lists (CRLs). An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted CRL, to cause a NULL pointer dereference,\n resulting in a crash of the service. (CVE-2016-7052)\n\n - An unspecified flaw exists in the AD Utilities component\n that allows an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-3562)\n\n - An unspecified flaw exists in the Registration component\n that allows an unauthenticated, remote attacker to\n impact confidentiality and integrity. (CVE-2017-10112)\n\n - An unspecified flaw exists in the CRM User Management\n Framework component that allows an unauthenticated,\n remote attacker to impact confidentiality and integrity.\n (CVE-2017-10113)\n\n - An unspecified flaw exists in the User Management\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2017-10130)\n\n - An unspecified flaw exists in the Preferences component\n that allows an unauthenticated, remote attacker to\n impact confidentiality and integrity. (CVE-2017-10143)\n\n - An unspecified flaw exists in the Oracle Diagnostics\n component that allows an unauthenticated, remote\n attacker to cause a denial of service condition.\n (CVE-2017-10144)\n\n - An unspecified flaw exists in the Wireless/WAP component\n that allows an unauthenticated, remote attacker to\n impact confidentiality and integrity. (CVE-2017-10170)\n\n - An unspecified flaw exists in the Home Page component\n that allows an unauthenticated, remote attacker to\n impact confidentiality and integrity. (CVE-2017-10171)\n\n - An unspecified flaw exists in the Service Request\n component that allows an unauthenticated, remote\n attacker to impact confidentiality and integrity.\n (CVE-2017-10174)\n\n - An unspecified flaw exists in the Profiles component\n that allows an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-10175)\n\n - An unspecified flaw exists in the Flexfields component\n that allows an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-10177)\n\n - An unspecified flaw exists in the Monitoring component\n that allows an unauthenticated, remote attacker to\n impact confidentiality and integrity. (CVE-2017-10179)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n CMRO component due to improper validation of\n user-supplied input to multiple parameters before\n returning it to users. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n request, to execute arbitrary script code in a user's\n browser session. (CVE-2017-10180)\n\n - An information disclosure vulnerability exists in the\n Wireless/WAP component due to improper sanitization of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this, via a directory traversal attack, to\n disclose arbitrary files. (CVE-2017-10184)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n User Management component due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this, via a specially crafted request, to\n execute arbitrary script code in a user's browser\n session. (CVE-2017-10185)\n\n - An information disclosure vulnerability exists in the\n User and Company Profile component due to improper\n sanitization of user-supplied input. An unauthenticated,\n remote attacker can exploit this, via a directory\n traversal attack, to disclose arbitrary files.\n (CVE-2017-10186)\n\n - A cross-site scripting (XSS) vulnerability exists in the\n Web Analytics component due to improper validation of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this, via a specially crafted request, to\n execute arbitrary script code in a user's browser\n session. (CVE-2017-10191)\n\n - An information disclosure vulnerability exists in the\n Shopping Cart component due to improper sanitization of\n user-supplied input. An unauthenticated, remote attacker\n can exploit this, via a directory traversal attack, to\n disclose arbitrary files. (CVE-2017-10192)\n\n - An information disclosure vulnerability exists in the\n Attachments component that allows an unauthenticated,\n remote attacker to disclose any document stored on the\n system. (CVE-2017-10244)\n\n - An information disclosure vulnerability exists in the\n Account Hierarchy Manager component that allows an\n unauthenticated, remote attacker to disclose sensitive\n information in the DBC configuration file.\n (CVE-2017-10245)\n\n - An unspecified flaw exists in the iHelp component that\n allows an unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-10246)\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixEBS\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f6b5a59\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sweet32.info\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/blog/blog/2016/08/24/sweet32/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2017 Oracle Critical\nPatch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6309\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:e-business_suite\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_e-business_query_patch_info.nbin\");\n script_require_keys(\"Oracle/E-Business/Version\", \"Oracle/E-Business/patches/installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Oracle/E-Business/Version\");\npatches = get_kb_item_or_exit(\"Oracle/E-Business/patches/installed\");\n\n# Batch checks\nif (patches) patches = split(patches, sep:',', keep:FALSE);\nelse patches = make_list();\n\np12_1 = '25982921';\np12_2 = '25982922';\n\n# Check if the installed version is an affected version\naffected_versions = make_array(\n '12.1.1', make_list(p12_1),\n '12.1.2', make_list(p12_1),\n '12.1.3', make_list(p12_1),\n\n '12.2.3', make_list(p12_2),\n '12.2.4', make_list(p12_2),\n '12.2.5', make_list(p12_2),\n '12.2.6', make_list(p12_2)\n);\n\npatched = FALSE;\naffectedver = FALSE;\n\nif (affected_versions[version])\n{\n affectedver = TRUE;\n patchids = affected_versions[version];\n foreach required_patch (patchids)\n {\n foreach applied_patch (patches)\n {\n if(required_patch == applied_patch)\n {\n patched = applied_patch;\n break;\n }\n }\n if(patched) break;\n }\n if(!patched) patchreport = join(patchids,sep:\" or \");\n}\n\nif (!patched && affectedver)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : '+version+\n '\\n Fixed version : '+version+' Patch '+patchreport+\n '\\n';\n security_hole(port:0,extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);\nelse exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:45", "description": "An update of the openjdk package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Openjdk PHSA-2017-0026", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7459", "CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10102", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10121", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10145", "CVE-2017-10176", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openjdk", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0026_OPENJDK.NASL", "href": "https://www.tenable.com/plugins/nessus/121718", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0026. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121718);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\n \"CVE-2013-7459\",\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10086\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10102\",\n \"CVE-2017-10104\",\n \"CVE-2017-10105\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10111\",\n \"CVE-2017-10114\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10117\",\n \"CVE-2017-10118\",\n \"CVE-2017-10121\",\n \"CVE-2017-10125\",\n \"CVE-2017-10135\",\n \"CVE-2017-10145\",\n \"CVE-2017-10176\",\n \"CVE-2017-10198\",\n \"CVE-2017-10243\"\n );\n\n script_name(english:\"Photon OS 1.0: Openjdk PHSA-2017-0026\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openjdk package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-56.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7459\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-debuginfo-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-doc-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-sample-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjdk-src-1.8.0.141-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:16", "description": "Security Fix(es) :\n\n - It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)\n\n - Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)\n\n - It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)\n\n - It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions.\n (CVE-2017-10078)\n\n - It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms.\n (CVE-2017-10198)\n\n - A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)\n\n - A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)\n\n - It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n - Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)\n\n - It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170720)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10135", "CVE-2017-10193", "CVE-2017-10198"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170720_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/101884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101884);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10135\", \"CVE-2017-10193\", \"CVE-2017-10198\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170720)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the DCG implementation in the RMI\n component of OpenJDK failed to correctly handle\n references. A remote attacker could possibly use this\n flaw to execute arbitrary code with the privileges of\n RMI registry or a Java RMI application. (CVE-2017-10102)\n\n - Multiple flaws were discovered in the RMI, JAXP,\n ImageIO, Libraries, AWT, Hotspot, and Security\n components in OpenJDK. An untrusted Java application or\n applet could use these flaws to completely bypass Java\n sandbox restrictions. (CVE-2017-10107, CVE-2017-10096,\n CVE-2017-10101, CVE-2017-10089, CVE-2017-10090,\n CVE-2017-10087, CVE-2017-10111, CVE-2017-10110,\n CVE-2017-10074, CVE-2017-10067)\n\n - It was discovered that the LDAPCertStore class in the\n Security component of OpenJDK followed LDAP referrals to\n arbitrary URLs. A specially crafted LDAP referral URL\n could cause LDAPCertStore to communicate with non-LDAP\n servers. (CVE-2017-10116)\n\n - It was discovered that the Nashorn JavaScript engine in\n the Scripting component of OpenJDK could allow scripts\n to access Java APIs even when access to Java APIs was\n disabled. An untrusted JavaScript executed by Nashorn\n could use this flaw to bypass intended restrictions.\n (CVE-2017-10078)\n\n - It was discovered that the Security component of OpenJDK\n could fail to properly enforce restrictions defined for\n processing of X.509 certificate chains. A remote\n attacker could possibly use this flaw to make Java\n accept certificate using one of the disabled algorithms.\n (CVE-2017-10198)\n\n - A covert timing channel flaw was found in the DSA\n implementation in the JCE component of OpenJDK. A remote\n attacker able to make a Java application generate DSA\n signatures on demand could possibly use this flaw to\n extract certain information about the used key via a\n timing side channel. (CVE-2017-10115)\n\n - A covert timing channel flaw was found in the PKCS#8\n implementation in the JCE component of OpenJDK. A remote\n attacker able to make a Java application repeatedly\n compare PKCS#8 key against an attacker controlled value\n could possibly use this flaw to determine the key via a\n timing side channel. (CVE-2017-10135)\n\n - It was discovered that the BasicAttribute and CodeSource\n classes in OpenJDK did not limit the amount of memory\n allocated when creating object instances from a\n serialized form. A specially crafted serialized input\n stream could cause Java to consume an excessive amount\n of memory. (CVE-2017-10108, CVE-2017-10109)\n\n - Multiple flaws were found in the Hotspot and Security\n components in OpenJDK. An untrusted Java application or\n applet could use these flaws to bypass certain Java\n sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)\n\n - It was discovered that the JPEGImageReader\n implementation in the 2D component of OpenJDK would, in\n certain cases, read all image data even if it was not\n used later. A specially crafted image could cause a Java\n application to temporarily use an excessive amount of\n CPU and memory. (CVE-2017-10053)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1707&L=scientific-linux-errata&F=&S=&P=10218\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4883d92\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:52", "description": "This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-10053: Improved image post-processing steps (bsc#1049305)\n\n - CVE-2017-10067: Additional jar validation steps (bsc#1049306)\n\n - CVE-2017-10074: Image conversion improvements (bsc#1049307)\n\n - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)\n\n - CVE-2017-10081: Right parenthesis issue (bsc#1049309)\n\n - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310)\n\n - CVE-2017-10087: Better Thread Pool execution (bsc#1049311)\n\n - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)\n\n - CVE-2017-10090: Better handling of channel groups (bsc#1049313)\n\n - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)\n\n - CVE-2017-10101: Better reading of text catalogs (bsc#1049315)\n\n - CVE-2017-10102: Improved garbage collection (bsc#1049316)\n\n - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317)\n\n - CVE-2017-10107: Less Active Activations (bsc#1049318)\n\n - CVE-2017-10108: Better naming attribution (bsc#1049319)\n\n - CVE-2017-10109: Better sourcing of code (bsc#1049320)\n\n - CVE-2017-10110: Better image fetching (bsc#1049321)\n\n - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)\n\n - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323)\n\n - CVE-2017-10115: Higher quality DSA operations (bsc#1049324)\n\n - CVE-2017-10116: Proper directory lookup processing (bsc#1049325)\n\n - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)\n\n - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327)\n\n - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)\n\n - CVE-2017-10176: Additional elliptic curve support (bsc#1049329)\n\n - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330)\n\n - CVE-2017-10198: Clear certificate chain connections (bsc#1049331)\n\n - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332)\n\nBug fixes :\n\n - Check registry registration location\n\n - Improved certificate processing\n\n - JMX diagnostic improvements\n\n - Update to libpng 1.6.28\n\n - Import of OpenJDK 8 u141 build 15 (bsc#1049302)\n\nNew features :\n\n - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_8_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-954.NASL", "href": "https://www.tenable.com/plugins/nessus/102621", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-954.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102621);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10086\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10105\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10114\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10125\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n\n script_name(english:\"openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954)\");\n script_summary(english:\"Check for the openSUSE-2017-954 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0)\nfixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-10053: Improved image post-processing steps\n (bsc#1049305)\n\n - CVE-2017-10067: Additional jar validation steps\n (bsc#1049306)\n\n - CVE-2017-10074: Image conversion improvements\n (bsc#1049307)\n\n - CVE-2017-10078: Better script accessibility for\n JavaScript (bsc#1049308)\n\n - CVE-2017-10081: Right parenthesis issue (bsc#1049309)\n\n - CVE-2017-10086: Unspecified vulnerability in\n subcomponent JavaFX (bsc#1049310)\n\n - CVE-2017-10087: Better Thread Pool execution\n (bsc#1049311)\n\n - CVE-2017-10089: Service Registration Lifecycle\n (bsc#1049312)\n\n - CVE-2017-10090: Better handling of channel groups\n (bsc#1049313)\n\n - CVE-2017-10096: Transform Transformer Exceptions\n (bsc#1049314)\n\n - CVE-2017-10101: Better reading of text catalogs\n (bsc#1049315)\n\n - CVE-2017-10102: Improved garbage collection\n (bsc#1049316)\n\n - CVE-2017-10105: Unspecified vulnerability in\n subcomponent deployment (bsc#1049317)\n\n - CVE-2017-10107: Less Active Activations (bsc#1049318)\n\n - CVE-2017-10108: Better naming attribution (bsc#1049319)\n\n - CVE-2017-10109: Better sourcing of code (bsc#1049320)\n\n - CVE-2017-10110: Better image fetching (bsc#1049321)\n\n - CVE-2017-10111: Rearrange MethodHandle arrangements\n (bsc#1049322)\n\n - CVE-2017-10114: Unspecified vulnerability in\n subcomponent JavaFX (bsc#1049323)\n\n - CVE-2017-10115: Higher quality DSA operations\n (bsc#1049324)\n\n - CVE-2017-10116: Proper directory lookup processing\n (bsc#1049325)\n\n - CVE-2017-10118: Higher quality ECDSA operations\n (bsc#1049326)\n\n - CVE-2017-10125: Unspecified vulnerability in\n subcomponent deployment (bsc#1049327)\n\n - CVE-2017-10135: Better handling of PKCS8 material\n (bsc#1049328)\n\n - CVE-2017-10176: Additional elliptic curve support\n (bsc#1049329)\n\n - CVE-2017-10193: Improve algorithm constraints\n implementation (bsc#1049330)\n\n - CVE-2017-10198: Clear certificate chain connections\n (bsc#1049331)\n\n - CVE-2017-10243: Unspecified vulnerability in\n subcomponent JAX-WS (bsc#1049332)\n\nBug fixes :\n\n - Check registry registration location\n\n - Improved certificate processing\n\n - JMX diagnostic improvements\n\n - Update to libpng 1.6.28\n\n - Import of OpenJDK 8 u141 build 15 (bsc#1049302)\n\nNew features :\n\n - Support using RSAandMGF1 with the SHA hash algorithms in\n the PKCS11 provider\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1049332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_8_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_8_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"java-1_8_0-openjdk-src-1.8.0.144-10.13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-accessibility-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-demo-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-devel-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-headless-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-javadoc-1.8.0.144-13.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"java-1_8_0-openjdk-src-1.8.0.144-13.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk / java-1_8_0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:57", "description": "The remote host is affected by the vulnerability described in GLSA-201709-22 (Oracle JDK/JRE, IcedTea: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and IcedTea. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or gain access to information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-09-25T00:00:00", "type": "nessus", "title": "GLSA-201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10121", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:icedtea-bin", "p-cpe:/a:gentoo:linux:oracle-jdk-bin", "p-cpe:/a:gentoo:linux:oracle-jre-bin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201709-22.NASL", "href": "https://www.tenable.com/plugins/nessus/103450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201709-22.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103450);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10086\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10105\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10114\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10117\", \"CVE-2017-10118\", \"CVE-2017-10121\", \"CVE-2017-10125\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n script_xref(name:\"GLSA\", value:\"201709-22\");\n\n script_name(english:\"GLSA-201709-22 : Oracle JDK/JRE, IcedTea: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201709-22\n(Oracle JDK/JRE, IcedTea: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Oracle’s JRE, JDK and\n IcedTea. Please review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, or gain\n access to information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201709-22\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Oracle JDK binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=dev-java/oracle-jdk-bin-1.8.0.141'\n All Oracle JRE binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=dev-java/oracle-jre-bin-1.8.0.141'\n All IcedTea binary 7.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-7.2.6.11'\n All IcedTea binary 3.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/icedtea-bin-3.5.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:icedtea-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:oracle-jdk-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:oracle-jre-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/icedtea-bin\", unaffected:make_list(\"ge 7.2.6.11\", \"ge 3.5.0\"), vulnerable:make_list(\"lt 7.2.6.11\", \"lt 3.5.0\"))) flag++;\nif (qpkg_check(package:\"dev-java/oracle-jdk-bin\", unaffected:make_list(\"ge 1.8.0.141\"), vulnerable:make_list(\"lt 1.8.0.141\"))) flag++;\nif (qpkg_check(package:\"dev-java/oracle-jre-bin\", unaffected:make_list(\"ge 1.8.0.141\"), vulnerable:make_list(\"lt 1.8.0.141\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Oracle JDK/JRE / IcedTea\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:38", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, incorrect authentication, the execution of arbitrary code, denial of service, information disclosure, use of insecure cryptography or bypassing Jar verification.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7u151-2.6.11-1+deb7u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-29T00:00:00", "type": "nessus", "title": "Debian DLA-1073-1 : openjdk-7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:icedtea-7-jre-cacao", "p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm", "p-cpe:/a:debian:debian_linux:openjdk-7-dbg", "p-cpe:/a:debian:debian_linux:openjdk-7-demo", "p-cpe:/a:debian:debian_linux:openjdk-7-doc", "p-cpe:/a:debian:debian_linux:openjdk-7-jdk", "p-cpe:/a:debian:debian_linux:openjdk-7-jre", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib", "p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero", "p-cpe:/a:debian:debian_linux:openjdk-7-source", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1073.NASL", "href": "https://www.tenable.com/plugins/nessus/102806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102806);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n\n script_name(english:\"Debian DLA-1073-1 : openjdk-7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in sandbox\nbypass, incorrect authentication, the execution of arbitrary code,\ndenial of service, information disclosure, use of insecure\ncryptography or bypassing Jar verification.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7u151-2.6.11-1+deb7u1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openjdk-7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedtea-7-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-cacao\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-7-jre-jamvm\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-dbg\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-demo\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-doc\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jdk\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-headless\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-lib\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-jre-zero\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-7-source\", reference:\"7u151-2.6.11-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:17", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 141, 7 Update 151, or 6 Update 161. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the 2D component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-10053)\n\n - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10067, CVE-2017-10116)\n\n - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10074)\n\n - An unspecified flaw exists in the Scripting component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10078)\n\n - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10081)\n\n - Multiple unspecified flaws exist in the JavaFX component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10086, CVE-2017-10114)\n\n - Multiple unspecified flaws exist in the Libraries component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111)\n\n - An unspecified flaw exists in the ImageIO component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10089)\n\n - Multiple unspecified flaws exist in the JAXP component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)\n\n - Multiple unspecified flaws exist in the RMI component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)\n\n - Multiple unspecified flaws exist in the Server component of the Java Advanced Management Console that allow an authenticated, remote attacker to impact confidentiality, integrity, and availability.\n (CVE-2017-10104, CVE-2017-10145)\n\n - An unspecified flaw exists in the Deployment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10105)\n\n - Multiple unspecified flaws exist in the Serialization component that allow an unauthenticated, remote attacker to exhaust available memory, resulting in a denial of service condition. (CVE-2017-10108, CVE-2017-10109)\n\n - An unspecified flaw exists in the AWT component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10110)\n\n - Multiple unspecified flaws exist in the JCE component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135)\n\n - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10117)\n\n - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10121)\n\n - An unspecified flaw exists in the Deployment component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-10125)\n\n - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)\n\n - An unspecified flaw exists in the JAX-WS component that allows an unauthenticated, remote attacker to impact confidentiality and availability. (CVE-2017-10243)", "cvss3": {}, "published": "2017-07-20T00:00:00", "type": "nessus", "title": "Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10121", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10145", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_JUL_2017_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/101844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101844);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10081\",\n \"CVE-2017-10086\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10101\",\n \"CVE-2017-10102\",\n \"CVE-2017-10104\",\n \"CVE-2017-10105\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10110\",\n \"CVE-2017-10111\",\n \"CVE-2017-10114\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10117\",\n \"CVE-2017-10118\",\n \"CVE-2017-10121\",\n \"CVE-2017-10125\",\n \"CVE-2017-10135\",\n \"CVE-2017-10145\",\n \"CVE-2017-10176\",\n \"CVE-2017-10193\",\n \"CVE-2017-10198\",\n \"CVE-2017-10243\"\n );\n script_bugtraq_id(\n 99643,\n 99659,\n 99662,\n 99670,\n 99674,\n 99703,\n 99706,\n 99707,\n 99712,\n 99719,\n 99726,\n 99731,\n 99734,\n 99752,\n 99756,\n 99774,\n 99782,\n 99788,\n 99797,\n 99804,\n 99809,\n 99818,\n 99827,\n 99832,\n 99835,\n 99839,\n 99842,\n 99846,\n 99847,\n 99851,\n 99853,\n 99854\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Unix host contains a programming platform that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 141, 7 Update 151,\nor 6 Update 161. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified flaw exists in the 2D component that\n allows an unauthenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-10053)\n\n - Multiple unspecified flaws exist in the Security\n component that allow an unauthenticated, remote attacker\n to execute arbitrary code. (CVE-2017-10067,\n CVE-2017-10116)\n\n - An unspecified flaw exists in the Hotspot component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-10074)\n\n - An unspecified flaw exists in the Scripting component\n that allows an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-10078)\n\n - An unspecified flaw exists in the Hotspot component that\n allows an unauthenticated, remote attacker to impact\n integrity. (CVE-2017-10081)\n\n - Multiple unspecified flaws exist in the JavaFX component\n that allow an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2017-10086, CVE-2017-10114)\n\n - Multiple unspecified flaws exist in the Libraries\n component that allow an unauthenticated, remote attacker\n to execute arbitrary code. (CVE-2017-10087,\n CVE-2017-10090, CVE-2017-10111)\n\n - An unspecified flaw exists in the ImageIO component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-10089)\n\n - Multiple unspecified flaws exist in the JAXP component\n that allow an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)\n\n - Multiple unspecified flaws exist in the RMI component\n that allow an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)\n\n - Multiple unspecified flaws exist in the Server component\n of the Java Advanced Management Console that allow an\n authenticated, remote attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-10104, CVE-2017-10145)\n\n - An unspecified flaw exists in the Deployment component\n that allows an unauthenticated, remote attacker to\n impact integrity. (CVE-2017-10105)\n\n - Multiple unspecified flaws exist in the Serialization\n component that allow an unauthenticated, remote attacker\n to exhaust available memory, resulting in a denial of\n service condition. (CVE-2017-10108, CVE-2017-10109)\n\n - An unspecified flaw exists in the AWT component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-10110)\n\n - Multiple unspecified flaws exist in the JCE component\n that allow an unauthenticated, remote attacker to\n disclose sensitive information. (CVE-2017-10115,\n CVE-2017-10118, CVE-2017-10135)\n\n - An unspecified flaw exists in the Server component of\n the Java Advanced Management Console that allows an\n unauthenticated, remote attacker to disclose sensitive\n information. (CVE-2017-10117)\n\n - An unspecified flaw exists in the Server component of\n the Java Advanced Management Console that allows an\n unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-10121)\n\n - An unspecified flaw exists in the Deployment component\n that allows a local attacker to impact confidentiality,\n integrity, and availability. (CVE-2017-10125)\n\n - Multiple unspecified flaws exist in the Security\n component that allow an unauthenticated, remote attacker\n to disclose sensitive information. (CVE-2017-10176,\n CVE-2017-10193, CVE-2017-10198)\n\n - An unspecified flaw exists in the JAX-WS component that\n allows an unauthenticated, remote attacker to impact\n confidentiality and availability. (CVE-2017-10243)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # http://www.oracle.com/technetwork/java/javase/8u141-relnotes-3720385.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?755142b1\");\n # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2fbcacca\");\n # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?726f7054\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 8 Update 141 / 7 Update 151 / 6 Update\n161 or later. If necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 6 Update 95 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10111\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n # Fixes : (JDK|JRE) 8 Update 141 / 7 Update 151 / 6 Update 161\n if (\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-9][0-9]|1[0-5][0-9]|160)([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-9][0-9]|1[0-4][0-9]|150)([^0-9]|$)' ||\n ver =~ '^1\\\\.8\\\\.0_([0-9]|[0-9][0-9]|1[0-3][0-9]|140)([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_161 / 1.7.0_151 / 1.8.0_141\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installations on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:17", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 141, 7 Update 151, or 6 Update 161. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified flaw exists in the 2D component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-10053)\n\n - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10067, CVE-2017-10116)\n\n - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10074)\n\n - An unspecified flaw exists in the Scripting component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10078)\n\n - An unspecified flaw exists in the Hotspot component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10081)\n\n - Multiple unspecified flaws exist in the JavaFX component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10086, CVE-2017-10114)\n\n - Multiple unspecified flaws exist in the Libraries component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111)\n\n - An unspecified flaw exists in the ImageIO component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10089)\n\n - Multiple unspecified flaws exist in the JAXP component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)\n\n - Multiple unspecified flaws exist in the RMI component that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)\n\n - Multiple unspecified flaws exist in the Server component of the Java Advanced Management Console that allow an authenticated, remote attacker to impact confidentiality, integrity, and availability.\n (CVE-2017-10104, CVE-2017-10145)\n\n - An unspecified flaw exists in the Deployment component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2017-10105)\n\n - Multiple unspecified flaws exist in the Serialization component that allow an unauthenticated, remote attacker to exhaust available memory, resulting in a denial of service condition. (CVE-2017-10108, CVE-2017-10109)\n\n - An unspecified flaw exists in the AWT component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-10110)\n\n - Multiple unspecified flaws exist in the JCE component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135)\n\n - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10117)\n\n - An unspecified flaw exists in the Server component of the Java Advanced Management Console that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2017-10121)\n\n - An unspecified flaw exists in the Deployment component that allows a local attacker to impact confidentiality, integrity, and availability. (CVE-2017-10125)\n\n - Multiple unspecified flaws exist in the Security component that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)\n\n - An unspecified flaw exists in the JAX-WS component that allows an unauthenticated, remote attacker to impact confidentiality and availability. (CVE-2017-10243)", "cvss3": {}, "published": "2017-07-20T00:00:00", "type": "nessus", "title": "Oracle Java SE Multiple Vulnerabilities (July 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10121", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10145", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_JUL_2017.NASL", "href": "https://www.tenable.com/plugins/nessus/101843", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101843);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10081\",\n \"CVE-2017-10086\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10101\",\n \"CVE-2017-10102\",\n \"CVE-2017-10104\",\n \"CVE-2017-10105\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10110\",\n \"CVE-2017-10111\",\n \"CVE-2017-10114\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10117\",\n \"CVE-2017-10118\",\n \"CVE-2017-10121\",\n \"CVE-2017-10125\",\n \"CVE-2017-10135\",\n \"CVE-2017-10145\",\n \"CVE-2017-10176\",\n \"CVE-2017-10193\",\n \"CVE-2017-10198\",\n \"CVE-2017-10243\"\n );\n script_bugtraq_id(\n 99643,\n 99659,\n 99662,\n 99670,\n 99674,\n 99703,\n 99706,\n 99707,\n 99712,\n 99719,\n 99726,\n 99731,\n 99734,\n 99752,\n 99756,\n 99774,\n 99782,\n 99788,\n 99797,\n 99804,\n 99809,\n 99818,\n 99827,\n 99832,\n 99835,\n 99839,\n 99842,\n 99846,\n 99847,\n 99851,\n 99853,\n 99854\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (July 2017 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is prior to 8 Update 141, 7 Update 151,\nor 6 Update 161. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An unspecified flaw exists in the 2D component that\n allows an unauthenticated, remote attacker to cause a\n denial of service condition. (CVE-2017-10053)\n\n - Multiple unspecified flaws exist in the Security\n component that allow an unauthenticated, remote attacker\n to execute arbitrary code. (CVE-2017-10067,\n CVE-2017-10116)\n\n - An unspecified flaw exists in the Hotspot component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-10074)\n\n - An unspecified flaw exists in the Scripting component\n that allows an authenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-10078)\n\n - An unspecified flaw exists in the Hotspot component that\n allows an unauthenticated, remote attacker to impact\n integrity. (CVE-2017-10081)\n\n - Multiple unspecified flaws exist in the JavaFX component\n that allow an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2017-10086, CVE-2017-10114)\n\n - Multiple unspecified flaws exist in the Libraries\n component that allow an unauthenticated, remote attacker\n to execute arbitrary code. (CVE-2017-10087,\n CVE-2017-10090, CVE-2017-10111)\n\n - An unspecified flaw exists in the ImageIO component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-10089)\n\n - Multiple unspecified flaws exist in the JAXP component\n that allow an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2017-10096, CVE-2017-10101)\n\n - Multiple unspecified flaws exist in the RMI component\n that allow an unauthenticated, remote attacker to\n execute arbitrary code. (CVE-2017-10102, CVE-2017-10107)\n\n - Multiple unspecified flaws exist in the Server component\n of the Java Advanced Management Console that allow an\n authenticated, remote attacker to impact\n confidentiality, integrity, and availability.\n (CVE-2017-10104, CVE-2017-10145)\n\n - An unspecified flaw exists in the Deployment component\n that allows an unauthenticated, remote attacker to\n impact integrity. (CVE-2017-10105)\n\n - Multiple unspecified flaws exist in the Serialization\n component that allow an unauthenticated, remote attacker\n to exhaust available memory, resulting in a denial of\n service condition. (CVE-2017-10108, CVE-2017-10109)\n\n - An unspecified flaw exists in the AWT component that\n allows an unauthenticated, remote attacker to execute\n arbitrary code. (CVE-2017-10110)\n\n - Multiple unspecified flaws exist in the JCE component\n that allow an unauthenticated, remote attacker to\n disclose sensitive information. (CVE-2017-10115,\n CVE-2017-10118, CVE-2017-10135)\n\n - An unspecified flaw exists in the Server component of\n the Java Advanced Management Console that allows an\n unauthenticated, remote attacker to disclose sensitive\n information. (CVE-2017-10117)\n\n - An unspecified flaw exists in the Server component of\n the Java Advanced Management Console that allows an\n unauthenticated, remote attacker to impact\n confidentiality and integrity. (CVE-2017-10121)\n\n - An unspecified flaw exists in the Deployment component\n that allows a local attacker to impact confidentiality,\n integrity, and availability. (CVE-2017-10125)\n\n - Multiple unspecified flaws exist in the Security\n component that allow an unauthenticated, remote attacker\n to disclose sensitive information. (CVE-2017-10176,\n CVE-2017-10193, CVE-2017-10198)\n\n - An unspecified flaw exists in the JAX-WS component that\n allows an unauthenticated, remote attacker to impact\n confidentiality and availability. (CVE-2017-10243)\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n # http://www.oracle.com/technetwork/java/javase/8u141-relnotes-3720385.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?755142b1\");\n # https://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2fbcacca\");\n # http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?726f7054\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle JDK / JRE 8 Update 141 / 7 Update 151 / 6 Update\n161 or later. If necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 6 Update 95 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10111\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n # Fixes : (JDK|JRE) 8 Update 141 / 7 Update 151 / 6 Update 161\n if (\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-9][0-9]|1[0-5][0-9]|160)([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-9][0-9]|1[0-4][0-9]|150)([^0-9]|$)' ||\n ver =~ '^1\\\\.8\\\\.0_([0-9]|[0-9][0-9]|1[0-3][0-9]|140)([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.6.0_161 / 1.7.0_151 / 1.8.0_141\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installations on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:08", "description": "An update of [openjdk,openjre,pycrypto,python3-pycrypto] packages for PhotonOS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Openjdk / Openjre / Pycrypto / Python3 PHSA-2017-0026 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7459", "CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10102", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10121", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10145", "CVE-2017-10176", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openjdk", "p-cpe:/a:vmware:photonos:openjre", "p-cpe:/a:vmware:photonos:pycrypto", "p-cpe:/a:vmware:photonos:python3", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0026.NASL", "href": "https://www.tenable.com/plugins/nessus/111875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0026. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111875);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2013-7459\",\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10086\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10102\",\n \"CVE-2017-10104\",\n \"CVE-2017-10105\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10111\",\n \"CVE-2017-10114\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10117\",\n \"CVE-2017-10118\",\n \"CVE-2017-10121\",\n \"CVE-2017-10125\",\n \"CVE-2017-10135\",\n \"CVE-2017-10145\",\n \"CVE-2017-10176\",\n \"CVE-2017-10198\",\n \"CVE-2017-10243\"\n );\n\n script_name(english:\"Photon OS 1.0: Openjdk / Openjre / Pycrypto / Python3 PHSA-2017-0026 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [openjdk,openjre,pycrypto,python3-pycrypto] packages for\nPhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-56\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63d4d4e0\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7459\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"openjdk-1.8.0.141-1.ph1\",\n \"openjdk-debuginfo-1.8.0.141-1.ph1\",\n \"openjdk-doc-1.8.0.141-1.ph1\",\n \"openjdk-sample-1.8.0.141-1.ph1\",\n \"openjdk-src-1.8.0.141-1.ph1\",\n \"openjre-1.8.0.141-1.ph1\",\n \"pycrypto-2.6.1-3.ph1\",\n \"pycrypto-debuginfo-2.6.1-3.ph1\",\n \"python3-pycrypto-2.6.1-3.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk / openjre / pycrypto / python3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:17", "description": "An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 151.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:1791)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-03-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3"], "id": "REDHAT-RHSA-2017-1791.NASL", "href": "https://www.tenable.com/plugins/nessus/101881", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1791. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101881);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10081\", \"CVE-2017-10086\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10105\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10114\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n script_xref(name:\"RHSA\", value:\"2017:1791\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:1791)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 151.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page, listed in the References\nsection. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074,\nCVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089,\nCVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102,\nCVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109,\nCVE-2017-10110, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116,\nCVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193,\nCVE-2017-10198, CVE-2017-10243)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76f5def7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/java/javaseproducts/documentation/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1791\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10243\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1791\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-oracle / java-1.7.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:10", "description": "The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.50 / 6.1 < 6.1.8.50 / 7.0 < 7.0.10.10 / 7.1 < 7.1.4.10 / 8.0 < 8.0.4.10. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 18 2017 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131;\n JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2017-10053)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10067)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10074)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2017-10078)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10081)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10087)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10089)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10090)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10096, CVE-2017-10101)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2017-10102)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10105)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10107)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2017-10108)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10109)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10110)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10111)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131;\n JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2017-10115)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded:\n 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2017-10116)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. (CVE-2017-10125)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX- WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131;\n JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2017-10243)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "IBM Java 6.0 < 6.0.16.50 / 6.1 < 6.1.8.50 / 7.0 < 7.0.10.10 / 7.1 < 7.1.4.10 / 8.0 < 8.0.4.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10125", "CVE-2017-10243"], "modified": "2022-04-29T00:00:00", "cpe": ["cpe:/a:ibm:java"], "id": "IBM_JAVA_2017_07_18.NASL", "href": "https://www.tenable.com/plugins/nessus/160347", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160347);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/29\");\n\n script_cve_id(\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10081\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10101\",\n \"CVE-2017-10102\",\n \"CVE-2017-10105\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10110\",\n \"CVE-2017-10111\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10125\",\n \"CVE-2017-10243\"\n );\n script_xref(name:\"IAVA\", value:\"2017-A-0226-S\");\n\n script_name(english:\"IBM Java 6.0 < 6.0.16.50 / 6.1 < 6.1.8.50 / 7.0 < 7.0.10.10 / 7.1 < 7.1.4.10 / 8.0 < 8.0.4.10 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"IBM Java is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.50 / 6.1 < 6.1.8.50 / 7.0 < 7.0.10.10 /\n7.1 < 7.1.4.10 / 8.0 < 8.0.4.10. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July\n18 2017 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131;\n JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access\n via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web\n Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2017-10053)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that\n are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful\n attacks require human interaction from a person other than the attacker. Successful attacks of this\n vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2017-10067)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in takeover\n of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability\n does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code\n installed by an administrator). (CVE-2017-10074)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version\n that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can\n result in unauthorized creation, deletion or modification access to critical data or all Java SE\n accessible data as well as unauthorized access to critical data or complete access to all Java SE\n accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications\n and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component\n without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web\n service. (CVE-2017-10078)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or\n delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to\n Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java\n applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java\n sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that\n load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10081)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE,\n Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2017-10087)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that\n are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise Java SE. Successful attacks require\n human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks\n may significantly impact additional products. Successful attacks of this vulnerability can result in\n takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2017-10089)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).\n Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE,\n Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2017-10090)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported\n versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE,\n Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2017-10096, CVE-2017-10101)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported\n versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to\n exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in takeover\n of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in\n the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets,\n such as through a web service. (CVE-2017-10102)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions\n that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful\n attacks require human interaction from a person other than the attacker. Successful attacks of this\n vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible\n data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java\n Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes\n from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2017-10105)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported\n versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to\n compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other\n than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE,\n Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2017-10107)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE\n Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks\n of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial\n DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed\n Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs\n in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets,\n such as through a web service. (CVE-2017-10108)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE\n Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks\n of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial\n DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments,\n typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load\n and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for\n security. This vulnerability does not apply to Java deployments, typically in servers, that load and run\n only trusted code (e.g., code installed by an administrator). (CVE-2017-10109)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are\n affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise Java SE. Successful attacks require\n human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks\n may significantly impact additional products. Successful attacks of this vulnerability can result in\n takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running\n sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,\n code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not\n apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed\n by an administrator). (CVE-2017-10110)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The\n supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the\n attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact\n additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE\n Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed\n Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that\n comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to\n Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2017-10111)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE).\n Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131;\n JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access\n via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java\n SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web\n Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2017-10115)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded:\n 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network\n access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require\n human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE\n Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this\n vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can\n be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be\n exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start\n applications or sandboxed Java applets, such as through a web service. (CVE-2017-10116)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions\n that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access\n to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional\n products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to\n deployment of Java where the Java Auto Update is enabled. (CVE-2017-10125)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-\n WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131;\n JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access\n via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit\n accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,\n Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2017-10243)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98563\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98564\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98565\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98566\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98567\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98568\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98569\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98572\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98573\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98574\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98575\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98576\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98579\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98581\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98584\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98632\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98633\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV98639\");\n # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#Oracle_July_18_2017_CPU\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9278472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Oracle July 18 2017 CPU advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10111\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:java\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_java_nix_installed.nbin\", \"ibm_java_win_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['IBM Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '6.0.0', 'fixed_version' : '6.0.16.50' },\n { 'min_version' : '6.1.0', 'fixed_version' : '6.1.8.50' },\n { 'min_version' : '7.0.0', 'fixed_version' : '7.0.10.10' },\n { 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.10' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.0.4.10' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:58", "description": "The version of Oracle VM VirtualBox installed on the remote host is 5.1.x prior to 5.1.24. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified vulnerabilities exist in the Core component that allow a local attacker to have an impact on confidentiality, integrity, and availability.\n (CVE-2017-10129, CVE-2017-10204, CVE-2017-10210, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242)\n\n - Multiple unspecified vulnerabilities exist in the Core component that allow a local attacker to have an impact on integrity and availability. (CVE-2017-10187, CVE-2017-10233, CVE-2017-10235)\n\n - An unspecified vulnerability exists in the Core component that allows a local attacker to have an impact on confidentiality and availability. (CVE-2017-10209)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-07-19T00:00:00", "type": "nessus", "title": "Oracle VM VirtualBox 5.1.x < 5.1.24 (July 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10129", "CVE-2017-10187", "CVE-2017-10204", "CVE-2017-10209", "CVE-2017-10210", "CVE-2017-10233", "CVE-2017-10235", "CVE-2017-10236", "CVE-2017-10237", "CVE-2017-10238", "CVE-2017-10239", "CVE-2017-10240", "CVE-2017-10241", "CVE-2017-10242"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:oracle:vm_virtualbox"], "id": "VIRTUALBOX_5_1_24.NASL", "href": "https://www.tenable.com/plugins/nessus/101818", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101818);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-10129\",\n \"CVE-2017-10187\",\n \"CVE-2017-10204\",\n \"CVE-2017-10209\",\n \"CVE-2017-10210\",\n \"CVE-2017-10233\",\n \"CVE-2017-10235\",\n \"CVE-2017-10236\",\n \"CVE-2017-10237\",\n \"CVE-2017-10238\",\n \"CVE-2017-10239\",\n \"CVE-2017-10240\",\n \"CVE-2017-10241\",\n \"CVE-2017-10242\"\n );\n script_bugtraq_id(\n 99631,\n 99638,\n 99640,\n 99642,\n 99645,\n 99667,\n 99668,\n 99681,\n 99683,\n 99687,\n 99689,\n 99705,\n 99709,\n 99711\n );\n\n script_name(english:\"Oracle VM VirtualBox 5.1.x < 5.1.24 (July 2017 CPU)\");\n script_summary(english:\"Performs a version check on VirtualBox.exe\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle VM VirtualBox installed on the remote host is\n5.1.x prior to 5.1.24. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple unspecified vulnerabilities exist in the Core\n component that allow a local attacker to have an impact\n on confidentiality, integrity, and availability.\n (CVE-2017-10129, CVE-2017-10204, CVE-2017-10210,\n CVE-2017-10236, CVE-2017-10237, CVE-2017-10238,\n CVE-2017-10239, CVE-2017-10240, CVE-2017-10241,\n CVE-2017-10242)\n\n - Multiple unspecified vulnerabilities exist in the Core\n component that allow a local attacker to have an impact\n on integrity and availability. (CVE-2017-10187,\n CVE-2017-10233, CVE-2017-10235)\n\n - An unspecified vulnerability exists in the Core\n component that allows a local attacker to have an impact\n on confidentiality and availability. (CVE-2017-10209)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76f5def7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.virtualbox.org/wiki/Changelog\");\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3236622.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?efb80e57\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle VM VirtualBox version 5.1.24 or later as\nreferenced in the July 2017 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10242\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:vm_virtualbox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"virtualbox_installed.nasl\", \"macosx_virtualbox_installed.nbin\");\n script_require_ports(\"installed_sw/Oracle VM VirtualBox\", \"installed_sw/VirtualBox\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = NULL;\napps = make_list('Oracle VM VirtualBox', 'VirtualBox');\n\nforeach app (apps)\n{\n if (get_install_count(app_name:app)) break;\n else app = NULL;\n}\n\nif (isnull(app)) audit(AUDIT_NOT_INST, 'Oracle VM VirtualBox');\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nver = install['version'];\npath = install['path'];\n\n# Affected :\n# 5.1.x < 5.1.24\nif (ver =~ '^5\\\\.1' && ver_compare(ver:ver, fix:'5.1.24', strict:FALSE) < 0) fix = '5.1.24';\nelse audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);\n\nport = 0;\nif (app == 'Oracle VM VirtualBox')\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n}\n\nreport =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\nsecurity_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:24", "description": "This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed :\n\n - CVE-2017-10053: Improved image post-processing steps (bsc#1049305)\n\n - CVE-2017-10067: Additional jar validation steps (bsc#1049306)\n\n - CVE-2017-10074: Image conversion improvements (bsc#1049307)\n\n - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308)\n\n - CVE-2017-10081: Right parenthesis issue (bsc#1049309)\n\n - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310)\n\n - CVE-2017-10087: Better Thread Pool execution (bsc#1049311)\n\n - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312)\n\n - CVE-2017-10090: Better handling of channel groups (bsc#1049313)\n\n - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314)\n\n - CVE-2017-10101: Better reading of text catalogs (bsc#1049315)\n\n - CVE-2017-10102: Improved garbage collection (bsc#1049316)\n\n - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317)\n\n - CVE-2017-10107: Less Active Activations (bsc#1049318)\n\n - CVE-2017-10108: Better naming attribution (bsc#1049319)\n\n - CVE-2017-10109: Better sourcing of code (bsc#1049320)\n\n - CVE-2017-10110: Better image fetching (bsc#1049321)\n\n - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322)\n\n - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323)\n\n - CVE-2017-10115: Higher quality DSA operations (bsc#1049324)\n\n - CVE-2017-10116: Proper directory lookup processing (bsc#1049325)\n\n - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326)\n\n - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327)\n\n - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328)\n\n - CVE-2017-10176: Additional elliptic curve support (bsc#1049329)\n\n - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330)\n\n - CVE-2017-10198: Clear certificate chain connections (bsc#1049331)\n\n - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332) Bug fixes :\n\n - Check registry registration location\n\n - Improved certificate processing\n\n - JMX diagnostic improvements\n\n - Update to libpng 1.6.28\n\n - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New features :\n\n - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-17T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2175-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless", "p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2175-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2175-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102541);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10086\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10105\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10114\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10125\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2175-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0)\nfixes the following issues: Security issues fixed :\n\n - CVE-2017-10053: Improved image post-processing steps\n (bsc#1049305)\n\n - CVE-2017-10067: Additional jar validation steps\n (bsc#1049306)\n\n - CVE-2017-10074: Image conversion improvements\n (bsc#1049307)\n\n - CVE-2017-10078: Better script accessibility for\n JavaScript (bsc#1049308)\n\n - CVE-2017-10081: Right parenthesis issue (bsc#1049309)\n\n - CVE-2017-10086: Unspecified vulnerability in\n subcomponent JavaFX (bsc#1049310)\n\n - CVE-2017-10087: Better Thread Pool execution\n (bsc#1049311)\n\n - CVE-2017-10089: Service Registration Lifecycle\n (bsc#1049312)\n\n - CVE-2017-10090: Better handling of channel groups\n (bsc#1049313)\n\n - CVE-2017-10096: Transform Transformer Exceptions\n (bsc#1049314)\n\n - CVE-2017-10101: Better reading of text catalogs\n (bsc#1049315)\n\n - CVE-2017-10102: Improved garbage collection\n (bsc#1049316)\n\n - CVE-2017-10105: Unspecified vulnerability in\n subcomponent deployment (bsc#1049317)\n\n - CVE-2017-10107: Less Active Activations (bsc#1049318)\n\n - CVE-2017-10108: Better naming attribution (bsc#1049319)\n\n - CVE-2017-10109: Better sourcing of code (bsc#1049320)\n\n - CVE-2017-10110: Better image fetching (bsc#1049321)\n\n - CVE-2017-10111: Rearrange MethodHandle arrangements\n (bsc#1049322)\n\n - CVE-2017-10114: Unspecified vulnerability in\n subcomponent JavaFX (bsc#1049323)\n\n - CVE-2017-10115: Higher quality DSA operations\n (bsc#1049324)\n\n - CVE-2017-10116: Proper directory lookup processing\n (bsc#1049325)\n\n - CVE-2017-10118: Higher quality ECDSA operations\n (bsc#1049326)\n\n - CVE-2017-10125: Unspecified vulnerability in\n subcomponent deployment (bsc#1049327)\n\n - CVE-2017-10135: Better handling of PKCS8 material\n (bsc#1049328)\n\n - CVE-2017-10176: Additional elliptic curve support\n (bsc#1049329)\n\n - CVE-2017-10193: Improve algorithm constraints\n implementation (bsc#1049330)\n\n - CVE-2017-10198: Clear certificate chain connections\n (bsc#1049331)\n\n - CVE-2017-10243: Unspecified vulnerability in\n subcomponent JAX-WS (bsc#1049332) Bug fixes :\n\n - Check registry registration location\n\n - Improved certificate processing\n\n - JMX diagnostic improvements\n\n - Update to libpng 1.6.28\n\n - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New\n features :\n\n - Support using RSAandMGF1 with the SHA hash algorithms in\n the PKCS11 provider\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049302\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049329\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10067/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10086/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10090/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10102/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10107/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10109/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10135/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10176/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10193/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10198/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10243/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172175-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c1410fd1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1337=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1337=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1337=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1337=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1337=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1337=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1337=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1337=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-openjdk-headless-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-devel-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-headless-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-demo-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-devel-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debuginfo-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-debugsource-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-1.8.0.144-27.5.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-openjdk-headless-debuginfo-1.8.0.144-27.5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:59", "description": "This update for java-1_8_0-ibm fixes the following issues :\n\n - Version update to 8.0-4.10 [bsc#1053431] CVE-2017-10111, CVE-2017-10110, CVE-2017-10107, CVE-2017-10101, CVE-2017-10096, CVE-2017-10090, CVE-2017-10089, CVE-2017-10087, CVE-2017-10102, CVE-2017-10116, CVE-2017-10074, CVE-2017-10078, CVE-2017-10115, CVE-2017-10067, CVE-2017-10125, CVE-2017-10243, CVE-2017-10109, CVE-2017-10108, CVE-2017-10053, CVE-2017-10105, CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here:\n https://developer.ibm.com/javasdk/support/security-vulne rabilities/#Oracle_ July_18_2017_CPU\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:2263-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10125", "CVE-2017-10243"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_8_0-ibm", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2263-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2263-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102801);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10105\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10125\", \"CVE-2017-10243\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:2263-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_8_0-ibm fixes the following issues :\n\n - Version update to 8.0-4.10 [bsc#1053431] CVE-2017-10111,\n CVE-2017-10110, CVE-2017-10107, CVE-2017-10101,\n CVE-2017-10096, CVE-2017-10090, CVE-2017-10089,\n CVE-2017-10087, CVE-2017-10102, CVE-2017-10116,\n CVE-2017-10074, CVE-2017-10078, CVE-2017-10115,\n CVE-2017-10067, CVE-2017-10125, CVE-2017-10243,\n CVE-2017-10109, CVE-2017-10108, CVE-2017-10053,\n CVE-2017-10105, CVE-2017-10081: Multiple unspecified\n vulnerabilities in multiple Java components could lead\n to code execution or sandbox escape More information can\n be found here:\n https://developer.ibm.com/javasdk/support/security-vulne\n rabilities/#Oracle_ July_18_2017_CPU\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053431\"\n );\n # https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?540e7757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10067/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10078/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10081/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10087/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10089/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10090/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10102/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10107/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10109/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-10243/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172263-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a7990e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1389=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1389=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1389=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1389=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1389=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1389=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1389=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-ibm-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_8_0-ibm-devel-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_8_0-ibm-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-alsa-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_8_0-ibm-plugin-1.8.0_sr4.10-30.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_8_0-ibm-1.8.0_sr4.10-30.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_8_0-ibm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:57", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, incorrect authentication, the execution of arbitrary code, denial of service, information disclosure, use of insecure cryptography or bypassing Jar verification.", "cvss3": {}, "published": "2017-08-28T00:00:00", "type": "nessus", "title": "Debian DSA-3954-1 : openjdk-7 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3954.NASL", "href": "https://www.tenable.com/plugins/nessus/102790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3954. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102790);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n script_xref(name:\"DSA\", value:\"3954\");\n\n script_name(english:\"Debian DSA-3954-1 : openjdk-7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in sandbox\nbypass, incorrect authentication, the execution of arbitrary code,\ndenial of service, information disclosure, use of insecure\ncryptography or bypassing Jar verification.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openjdk-7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3954\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-7 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 7u151-2.6.11-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"icedtea-7-jre-jamvm\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-dbg\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-demo\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-doc\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jdk\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-headless\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-lib\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-jre-zero\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openjdk-7-source\", reference:\"7u151-2.6.11-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:15", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)\n\n* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)\n\n* It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)\n\n* It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)\n\n* It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms.\n(CVE-2017-10198)\n\n* A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)\n\n* A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)\n\n* It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n* Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)\n\n* It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory.\n(CVE-2017-10053)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {}, "published": "2017-07-24T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10135", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.8.0-openjdk", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/101906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1789 and \n# CentOS Errata and Security Advisory 2017:1789 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101906);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10135\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n script_xref(name:\"RHSA\", value:\"2017:1789\");\n\n script_name(english:\"CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:1789)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* It was discovered that the DCG implementation in the RMI component\nof OpenJDK failed to correctly handle references. A remote attacker\ncould possibly use this flaw to execute arbitrary code with the\nprivileges of RMI registry or a Java RMI application. (CVE-2017-10102)\n\n* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries,\nAWT, Hotspot, and Security components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to completely bypass Java\nsandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101,\nCVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111,\nCVE-2017-10110, CVE-2017-10074, CVE-2017-10067)\n\n* It was discovered that the LDAPCertStore class in the Security\ncomponent of OpenJDK followed LDAP referrals to arbitrary URLs. A\nspecially crafted LDAP referral URL could cause LDAPCertStore to\ncommunicate with non-LDAP servers. (CVE-2017-10116)\n\n* It was discovered that the Nashorn JavaScript engine in the\nScripting component of OpenJDK could allow scripts to access Java APIs\neven when access to Java APIs was disabled. An untrusted JavaScript\nexecuted by Nashorn could use this flaw to bypass intended\nrestrictions. (CVE-2017-10078)\n\n* It was discovered that the Security component of OpenJDK could fail\nto properly enforce restrictions defined for processing of X.509\ncertificate chains. A remote attacker could possibly use this flaw to\nmake Java accept certificate using one of the disabled algorithms.\n(CVE-2017-10198)\n\n* A covert timing channel flaw was found in the DSA implementation in\nthe JCE component of OpenJDK. A remote attacker able to make a Java\napplication generate DSA signatures on demand could possibly use this\nflaw to extract certain information about the used key via a timing\nside channel. (CVE-2017-10115)\n\n* A covert timing channel flaw was found in the PKCS#8 implementation\nin the JCE component of OpenJDK. A remote attacker able to make a Java\napplication repeatedly compare PKCS#8 key against an attacker\ncontrolled value could possibly use this flaw to determine the key via\na timing side channel. (CVE-2017-10135)\n\n* It was discovered that the BasicAttribute and CodeSource classes in\nOpenJDK did not limit the amount of memory allocated when creating\nobject instances from a serialized form. A specially crafted\nserialized input stream could cause Java to consume an excessive\namount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n* Multiple flaws were found in the Hotspot and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2017-10081,\nCVE-2017-10193)\n\n* It was discovered that the JPEGImageReader implementation in the 2D\ncomponent of OpenJDK would, in certain cases, read all image data even\nif it was not used later. A specially crafted image could cause a Java\napplication to temporarily use an excessive amount of CPU and memory.\n(CVE-2017-10053)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-July/022508.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23b3e7c5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-July/022509.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01d9e6e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.8.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10087\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-accessibility-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-javadoc-zip-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:14", "description": "According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application.\n (CVE-2017-10102)\n\n - Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)\n\n - It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)\n\n - It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions.\n (CVE-2017-10078)\n\n - It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms. (CVE-2017-10198)\n\n - A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)\n\n - A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel.\n (CVE-2017-10135)\n\n - It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n - Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)\n\n - It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1151)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10135", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:java-1.8.0-openjdk", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel", "p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1151.NASL", "href": "https://www.tenable.com/plugins/nessus/102238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102238);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10081\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10101\",\n \"CVE-2017-10102\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10110\",\n \"CVE-2017-10111\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10135\",\n \"CVE-2017-10193\",\n \"CVE-2017-10198\",\n \"CVE-2017-10243\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1151)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the java-1.8.0-openjdk packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was discovered that the DCG implementation in the\n RMI component of OpenJDK failed to correctly handle\n references. A remote attacker could possibly use this\n flaw to execute arbitrary code with the privileges of\n RMI registry or a Java RMI application.\n (CVE-2017-10102)\n\n - Multiple flaws were discovered in the RMI, JAXP,\n ImageIO, Libraries, AWT, Hotspot, and Security\n components in OpenJDK. An untrusted Java application or\n applet could use these flaws to completely bypass Java\n sandbox restrictions. (CVE-2017-10107, CVE-2017-10096,\n CVE-2017-10101, CVE-2017-10089, CVE-2017-10090,\n CVE-2017-10087, CVE-2017-10111, CVE-2017-10110,\n CVE-2017-10074, CVE-2017-10067)\n\n - It was discovered that the LDAPCertStore class in the\n Security component of OpenJDK followed LDAP referrals\n to arbitrary URLs. A specially crafted LDAP referral\n URL could cause LDAPCertStore to communicate with\n non-LDAP servers. (CVE-2017-10116)\n\n - It was discovered that the Nashorn JavaScript engine in\n the Scripting component of OpenJDK could allow scripts\n to access Java APIs even when access to Java APIs was\n disabled. An untrusted JavaScript executed by Nashorn\n could use this flaw to bypass intended restrictions.\n (CVE-2017-10078)\n\n - It was discovered that the Security component of\n OpenJDK could fail to properly enforce restrictions\n defined for processing of X.509 certificate chains. A\n remote attacker could possibly use this flaw to make\n Java accept certificate using one of the disabled\n algorithms. (CVE-2017-10198)\n\n - A covert timing channel flaw was found in the DSA\n implementation in the JCE component of OpenJDK. A\n remote attacker able to make a Java application\n generate DSA signatures on demand could possibly use\n this flaw to extract certain information about the used\n key via a timing side channel. (CVE-2017-10115)\n\n - A covert timing channel flaw was found in the PKCS#8\n implementation in the JCE component of OpenJDK. A\n remote attacker able to make a Java application\n repeatedly compare PKCS#8 key against an attacker\n controlled value could possibly use this flaw to\n determine the key via a timing side channel.\n (CVE-2017-10135)\n\n - It was discovered that the BasicAttribute and\n CodeSource classes in OpenJDK did not limit the amount\n of memory allocated when creating object instances from\n a serialized form. A specially crafted serialized input\n stream could cause Java to consume an excessive amount\n of memory. (CVE-2017-10108, CVE-2017-10109)\n\n - Multiple flaws were found in the Hotspot and Security\n components in OpenJDK. An untrusted Java application or\n applet could use these flaws to bypass certain Java\n sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)\n\n - It was discovered that the JPEGImageReader\n implementation in the 2D component of OpenJDK would, in\n certain cases, read all image data even if it was not\n used later. A specially crafted image could cause a\n Java application to temporarily use an excessive amount\n of CPU and memory. (CVE-2017-10053)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1151\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee5be874\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.141-1.b16\",\n \"java-1.8.0-openjdk-devel-1.8.0.141-1.b16\",\n \"java-1.8.0-openjdk-headless-1.8.0.141-1.b16\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:16", "description": "An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)\n\n* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)\n\n* It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)\n\n* It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)\n\n* It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms.\n(CVE-2017-10198)\n\n* A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)\n\n* A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)\n\n* It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n* Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)\n\n* It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory.\n(CVE-2017-10053)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-1789)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10135", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-debug", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src", "p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src-debug", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-1789.NASL", "href": "https://www.tenable.com/plugins/nessus/119220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119220);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10081\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10101\",\n \"CVE-2017-10102\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10110\",\n \"CVE-2017-10111\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10135\",\n \"CVE-2017-10193\",\n \"CVE-2017-10198\",\n \"CVE-2017-10243\"\n );\n\n script_name(english:\"Virtuozzo 6 : java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc (VZLSA-2017-1789)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.8.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime\nEnvironment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* It was discovered that the DCG implementation in the RMI component\nof OpenJDK failed to correctly handle references. A remote attacker\ncould possibly use this flaw to execute arbitrary code with the\nprivileges of RMI registry or a Java RMI application. (CVE-2017-10102)\n\n* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries,\nAWT, Hotspot, and Security components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to completely bypass Java\nsandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101,\nCVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111,\nCVE-2017-10110, CVE-2017-10074, CVE-2017-10067)\n\n* It was discovered that the LDAPCertStore class in the Security\ncomponent of OpenJDK followed LDAP referrals to arbitrary URLs. A\nspecially crafted LDAP referral URL could cause LDAPCertStore to\ncommunicate with non-LDAP servers. (CVE-2017-10116)\n\n* It was discovered that the Nashorn JavaScript engine in the\nScripting component of OpenJDK could allow scripts to access Java APIs\neven when access to Java APIs was disabled. An untrusted JavaScript\nexecuted by Nashorn could use this flaw to bypass intended\nrestrictions. (CVE-2017-10078)\n\n* It was discovered that the Security component of OpenJDK could fail\nto properly enforce restrictions defined for processing of X.509\ncertificate chains. A remote attacker could possibly use this flaw to\nmake Java accept certificate using one of the disabled algorithms.\n(CVE-2017-10198)\n\n* A covert timing channel flaw was found in the DSA implementation in\nthe JCE component of OpenJDK. A remote attacker able to make a Java\napplication generate DSA signatures on demand could possibly use this\nflaw to extract certain information about the used key via a timing\nside channel. (CVE-2017-10115)\n\n* A covert timing channel flaw was found in the PKCS#8 implementation\nin the JCE component of OpenJDK. A remote attacker able to make a Java\napplication repeatedly compare PKCS#8 key against an attacker\ncontrolled value could possibly use this flaw to determine the key via\na timing side channel. (CVE-2017-10135)\n\n* It was discovered that the BasicAttribute and CodeSource classes in\nOpenJDK did not limit the amount of memory allocated when creating\nobject instances from a serialized form. A specially crafted\nserialized input stream could cause Java to consume an excessive\namount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n* Multiple flaws were found in the Hotspot and Security components in\nOpenJDK. An untrusted Java application or applet could use these flaws\nto bypass certain Java sandbox restrictions. (CVE-2017-10081,\nCVE-2017-10193)\n\n* It was discovered that the JPEGImageReader implementation in the 2D\ncomponent of OpenJDK would, in certain cases, read all image data even\nif it was not used later. A specially crafted image could cause a Java\napplication to temporarily use an excessive amount of CPU and memory.\n(CVE-2017-10053)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-1789.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffc7c635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:1789\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-demo-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-devel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-headless-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-javadoc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.8.0-openjdk-src-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.8.0-openjdk-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-debug-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-demo-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-devel-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-headless-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-src-1.8.0.141-2.b16.vl6\",\n \"java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-openjdk / java-1.8.0-openjdk-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:18", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, use of insecure cryptography, side channel attacks, information disclosure, the execution of arbitrary code, denial of service or bypassing Jar verification.", "cvss3": {}, "published": "2017-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-3919-1 : openjdk-8 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openjdk-8", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3919.NASL", "href": "https://www.tenable.com/plugins/nessus/101984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3919. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101984);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\");\n script_xref(name:\"DSA\", value:\"3919\");\n\n script_name(english:\"Debian DSA-3919-1 : openjdk-8 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in sandbox\nbypass, use of insecure cryptography, side channel attacks,\ninformation disclosure, the execution of arbitrary code, denial of\nservice or bypassing Jar verification.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openjdk-8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3919\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-8 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 8u141-b15-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-dbg\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-demo\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-doc\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jdk-headless\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-headless\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-jre-zero\", reference:\"8u141-b15-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openjdk-8-source\", reference:\"8u141-b15-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:24", "description": "The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.7.x prior to 11.1.1.7.170718, 11.1.1.9.x prior to 11.1.1.9.170718, 12.2.1.1.x prior to 12.2.1.1.170718, or 12.2.1.2.x prior to 12.2.1.2.170718. It is, therefore, affected by multiple vulnerabilities as noted in the April 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security) that could allow an unauthenticated attacker with network access via HTTP to compromise BI Publisher. A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. (CVE-2017-10025)\n\n - An unspecified vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools) that could allow an unauthenticated attacker with network access via HTTP to compromise BI Publisher. A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data.\n The attack requires human interaction. (CVE-2017-10024)\n\n - An unspecified vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server) that could allow an unauthenticated attacker with network access via HTTP to compromise BI Publisher. A successful attack of this vulnerability could result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data.\n The attack requires human interaction. (CVE-2017-10028)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-07-04T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2017 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3092", "CVE-2017-10024", "CVE-2017-10025", "CVE-2017-10028", "CVE-2017-10029", "CVE-2017-10030", "CVE-2017-10035", "CVE-2017-10041", "CVE-2017-10043", "CVE-2017-10058", "CVE-2017-10059", "CVE-2017-10156", "CVE-2017-10157"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "id": "ORACLE_BI_PUBLISHER_JUL_2017_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/126467", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126467);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2016-3092\",\n \"CVE-2017-10024\",\n \"CVE-2017-10025\",\n \"CVE-2017-10028\",\n \"CVE-2017-10029\",\n \"CVE-2017-10030\",\n \"CVE-2017-10035\",\n \"CVE-2017-10041\",\n \"CVE-2017-10043\",\n \"CVE-2017-10058\",\n \"CVE-2017-10059\",\n \"CVE-2017-10156\",\n \"CVE-2017-10157\"\n );\n script_bugtraq_id(\n 91453,\n 99682,\n 99694,\n 99696,\n 99697,\n 99723,\n 99724,\n 99738,\n 99740,\n 99741,\n 99742,\n 99743,\n 99820\n );\n\n script_name(english:\"Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2017 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Business Intelligence Publisher running on the\nremote host is 11.1.1.7.x prior to 11.1.1.7.170718, 11.1.1.9.x prior to 11.1.1.9.170718, \n12.2.1.1.x prior to 12.2.1.1.170718, or 12.2.1.2.x prior to 12.2.1.2.170718. It is,\ntherefore, affected by multiple vulnerabilities as noted in the\nApril 2019 Critical Patch Update advisory:\n\n - An unspecified vulnerability in the BI Publisher\n component of Oracle Fusion Middleware (subcomponent: BI Publisher Security)\n that could allow an unauthenticated attacker with network\n access via HTTP to compromise BI Publisher. A successful attack of\n this vulnerability could result in unauthorized access to critical data\n or complete access to all Oracle BI Publisher accessible data. (CVE-2017-10025)\n\n - An unspecified vulnerability in the BI Publisher\n component of Oracle Fusion Middleware (subcomponent: Layout Tools) that\n could allow an unauthenticated attacker with network access\n via HTTP to compromise BI Publisher. A successful attack of this vulnerability\n could result in unauthorized access to critical data\n or complete access to all Oracle BI Publisher accessible data.\n The attack requires human interaction. (CVE-2017-10024)\n\n - An unspecified vulnerability in the BI Publisher\n component of Oracle Fusion Middleware (subcomponent: Web Server) that\n could allow an unauthenticated attacker with network access\n via HTTP to compromise BI Publisher. A successful attack of this vulnerability\n could result in unauthorized access to critical data\n or complete access to all Oracle BI Publisher accessible data.\n The attack requires human interaction. (CVE-2017-10028)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d003111a\");\n # https://support.oracle.com/rs?type=doc&id=2261562.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e68a1603\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2017 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10157\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-10156\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\", \"oracle_bi_publisher_detect.nasl\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\nappname = 'Oracle Business Intelligence Publisher';\napp_info = vcf::get_app_info(app:appname);\n\n# 11.1.1.7.x - Bundle: 26092384 | Patch: 26146768\n# 11.1.1.9.x - Bundle: 26092391 | Patch: 26330183\n# 12.2.1.1.x - Bundle: 26146804 | Patch: 26146804\n# 12.2.1.2.x - Bundle: 26146793 | Patch: 26146793\nconstraints = [\n {'min_version': '11.1.1.7', 'fixed_version': '11.1.1.7.170718', 'patch': '26146768', 'bundle': '26092384'},\n {'min_version': '11.1.1.9', 'fixed_version': '11.1.1.9.170718', 'patch': '26330183', 'bundle': '26092391'},\n {'min_version': '12.2.1.1', 'fixed_version': '12.2.1.1.170718', 'patch': '26146804', 'bundle': '26146804'},\n {'min_version': '12.2.1.2', 'fixed_version': '12.2.1.2.170718', 'patch': '26146793', 'bundle': '26146793'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:31", "description": "An update of the openjre package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Openjre PHSA-2017-0026", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7459", "CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10102", "CVE-2017-10104", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10117", "CVE-2017-10118", "CVE-2017-10121", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10145", "CVE-2017-10176", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openjre", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0026_OPENJRE.NASL", "href": "https://www.tenable.com/plugins/nessus/121719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0026. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121719);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\n \"CVE-2013-7459\",\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10078\",\n \"CVE-2017-10086\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10102\",\n \"CVE-2017-10104\",\n \"CVE-2017-10105\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10111\",\n \"CVE-2017-10114\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10117\",\n \"CVE-2017-10118\",\n \"CVE-2017-10121\",\n \"CVE-2017-10125\",\n \"CVE-2017-10135\",\n \"CVE-2017-10145\",\n \"CVE-2017-10176\",\n \"CVE-2017-10198\",\n \"CVE-2017-10243\"\n );\n\n script_name(english:\"Photon OS 1.0: Openjre PHSA-2017-0026\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openjre package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-56.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7459\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openjre-1.8.0.141-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjre\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:20", "description": "It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053)\n\nIt was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067)\n\nIt was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code.\n(CVE-2017-10074)\n\nIt was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs. An attacker could use this to specially craft JavaScript code to bypass access restrictions.\n(CVE-2017-10078)\n\nIt was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081)\n\nIt was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087)\n\nIt was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions.\n(CVE-2017-10089)\n\nIt was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions.\n(CVE-2017-10090)\n\nIt was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks.\nAn attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions.\n(CVE-2017-10096)\n\nIt was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10101)\n\nIt was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code.\n(CVE-2017-10102)\n\nIt was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10107)\n\nIt was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10108)\n\nIt was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10109)\n\nIt was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks, An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions (CVE-2017-10110)\n\nJackson Davis discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the permuteArgumentsForm() function. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code.\n(CVE-2017-10111)\n\nIt was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10115)\n\nIt was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs. An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypass access restrictions. (CVE-2017-10116)\n\nIt was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10118)\n\nIlya Maykov discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10135)\n\nIt was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points. An attacker could use this to expose sensitive information.\n(CVE-2017-10176)\n\nIt was discovered that OpenJDK did not properly restrict weak key sizes in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10193)\n\nIt was discovered that OpenJDK did not properly enforce disabled algorithm restrictions on X.509 certificate chains. An attacker could use this to expose sensitive information or escape sandbox restrictions. (CVE-2017-10198)\n\nIt was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents. An attacker could use this to expose sensitive information.\n(CVE-2017-10243).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-27T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.04 : openjdk-8 vulnerabilities (USN-3366-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3366-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102014", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3366-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102014);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n script_xref(name:\"USN\", value:\"3366-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.04 : openjdk-8 vulnerabilities (USN-3366-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the JPEGImageReader class in OpenJDK would\nincorrectly read unused image data. An attacker could use this to\nspecially construct a jpeg image file that when opened by a Java\napplication would cause a denial of service. (CVE-2017-10053)\n\nIt was discovered that the JAR verifier in OpenJDK did not properly\nhandle archives containing files missing digests. An attacker could\nuse this to modify the signed contents of a JAR file. (CVE-2017-10067)\n\nIt was discovered that integer overflows existed in the Hotspot\ncomponent of OpenJDK when generating range check loop predicates. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions and cause\na denial of service or possibly execute arbitrary code.\n(CVE-2017-10074)\n\nIt was discovered that the JavaScript Scripting component of OpenJDK\nincorrectly allowed access to Java APIs. An attacker could use this to\nspecially craft JavaScript code to bypass access restrictions.\n(CVE-2017-10078)\n\nIt was discovered that OpenJDK did not properly process parentheses in\nfunction signatures. An attacker could use this to specially construct\nan untrusted Java application or applet that could escape sandbox\nrestrictions. (CVE-2017-10081)\n\nIt was discovered that the ThreadPoolExecutor class in OpenJDK did not\nproperly perform access control checks when cleaning up threads. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions and\npossibly execute arbitrary code. (CVE-2017-10087)\n\nIt was discovered that the ServiceRegistry implementation in OpenJDK\ndid not perform access control checks in certain situations. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that escaped sandbox restrictions.\n(CVE-2017-10089)\n\nIt was discovered that the channel groups implementation in OpenJDK\ndid not properly perform access control checks in some situations. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions.\n(CVE-2017-10090)\n\nIt was discovered that the DTM exception handling code in the JAXP\ncomponent of OpenJDK did not properly perform access control checks.\nAn attacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions.\n(CVE-2017-10096)\n\nIt was discovered that the JAXP component of OpenJDK incorrectly\ngranted access to some internal resolvers. An attacker could use this\nto specially construct an untrusted Java application or applet that\ncould escape sandbox restrictions. (CVE-2017-10101)\n\nIt was discovered that the Distributed Garbage Collector (DGC) in\nOpenJDK did not properly track references in some situations. A remote\nattacker could possibly use this to execute arbitrary code.\n(CVE-2017-10102)\n\nIt was discovered that the Activation ID implementation in the RMI\ncomponent of OpenJDK did not properly check access control permissions\nin some situations. An attacker could use this to specially construct\nan untrusted Java application or applet that could escape sandbox\nrestrictions. (CVE-2017-10107)\n\nIt was discovered that the BasicAttribute class in OpenJDK did not\nproperly bound memory allocation when de-serializing objects. An\nattacker could use this to cause a denial of service (memory\nconsumption). (CVE-2017-10108)\n\nIt was discovered that the CodeSource class in OpenJDK did not\nproperly bound memory allocations when de-serializing object\ninstances. An attacker could use this to cause a denial of service\n(memory consumption). (CVE-2017-10109)\n\nIt was discovered that the AWT ImageWatched class in OpenJDK did not\nproperly perform access control checks, An attacker could use this to\nspecially construct an untrusted Java application or applet that could\nescape sandbox restrictions (CVE-2017-10110)\n\nJackson Davis discovered that the LambdaFormEditor class in the\nLibraries component of OpenJDK did not correctly perform bounds checks\nin the permuteArgumentsForm() function. An attacker could use this to\nspecially construct an untrusted Java application or applet that could\nescape sandbox restrictions and possibly execute arbitrary code.\n(CVE-2017-10111)\n\nIt was discovered that a timing side-channel vulnerability existed in\nthe DSA implementation in OpenJDK. An attacker could use this to\nexpose sensitive information. (CVE-2017-10115)\n\nIt was discovered that the LDAP implementation in OpenJDK incorrectly\nfollowed references to non-LDAP URLs. An attacker could use this to\nspecially craft an LDAP referral URL that exposes sensitive\ninformation or bypass access restrictions. (CVE-2017-10116)\n\nIt was discovered that a timing side-channel vulnerability existed in\nthe ECDSA implementation in OpenJDK. An attacker could use this to\nexpose sensitive information. (CVE-2017-10118)\n\nIlya Maykov discovered that a timing side-channel vulnerability\nexisted in the PKCS#8 implementation in OpenJDK. An attacker could use\nthis to expose sensitive information. (CVE-2017-10135)\n\nIt was discovered that the Elliptic Curve (EC) implementation in\nOpenJDK did not properly compute certain elliptic curve points. An\nattacker could use this to expose sensitive information.\n(CVE-2017-10176)\n\nIt was discovered that OpenJDK did not properly restrict weak key\nsizes in some situations. An attacker could use this to specially\nconstruct an untrusted Java application or applet that could escape\nsandbox restrictions. (CVE-2017-10193)\n\nIt was discovered that OpenJDK did not properly enforce disabled\nalgorithm restrictions on X.509 certificate chains. An attacker could\nuse this to expose sensitive information or escape sandbox\nrestrictions. (CVE-2017-10198)\n\nIt was discovered that OpenJDK did not properly perform access control\nchecks when handling Web Service Definition Language (WSDL) XML\ndocuments. An attacker could use this to expose sensitive information.\n(CVE-2017-10243).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3366-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jdk\", pkgver:\"8u131-b11-2ubuntu1.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jdk-headless\", pkgver:\"8u131-b11-2ubuntu1.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre\", pkgver:\"8u131-b11-2ubuntu1.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-headless\", pkgver:\"8u131-b11-2ubuntu1.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-jamvm\", pkgver:\"8u131-b11-2ubuntu1.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-zero\", pkgver:\"8u131-b11-2ubuntu1.16.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jdk\", pkgver:\"8u131-b11-2ubuntu1.17.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jdk-headless\", pkgver:\"8u131-b11-2ubuntu1.17.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jre\", pkgver:\"8u131-b11-2ubuntu1.17.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jre-headless\", pkgver:\"8u131-b11-2ubuntu1.17.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jre-zero\", pkgver:\"8u131-b11-2ubuntu1.17.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk-8-jdk / openjdk-8-jdk-headless / openjdk-8-jre / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:43", "description": "USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053)\n\nIt was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests.\nAn attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067)\n\nIt was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. (CVE-2017-10074)\n\nIt was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs. An attacker could use this to specially craft JavaScript code to bypass access restrictions. (CVE-2017-10078)\n\nIt was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions.\n(CVE-2017-10081)\n\nIt was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087)\n\nIt was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. (CVE-2017-10089)\n\nIt was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10090)\n\nIt was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10096)\n\nIt was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10101)\n\nIt was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code. (CVE-2017-10102)\n\nIt was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10107)\n\nIt was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10108)\n\nIt was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10109)\n\nIt was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks, An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions (CVE-2017-10110)\n\nJackson Davis discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the permuteArgumentsForm() function. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code.\n(CVE-2017-10111)\n\nIt was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK. An attacker could use this to expose sensitive information.\n(CVE-2017-10115)\n\nIt was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs. An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypass access restrictions. (CVE-2017-10116)\n\nIt was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information.\n(CVE-2017-10118)\n\nIlya Maykov discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10135)\n\nIt was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points. An attacker could use this to expose sensitive information. (CVE-2017-10176)\n\nIt was discovered that OpenJDK did not properly restrict weak key sizes in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions.\n(CVE-2017-10193)\n\nIt was discovered that OpenJDK did not properly enforce disabled algorithm restrictions on X.509 certificate chains.\nAn attacker could use this to expose sensitive information or escape sandbox restrictions. (CVE-2017-10198)\n\nIt was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents. An attacker could use this to expose sensitive information. (CVE-2017-10243).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.04 : openjdk-8 regression (USN-3366-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3366-2.NASL", "href": "https://www.tenable.com/plugins/nessus/102092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3366-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102092);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n script_xref(name:\"USN\", value:\"3366-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.04 : openjdk-8 regression (USN-3366-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that\nupdate introduced a regression that caused some valid JAR files to\nfail validation. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that the JPEGImageReader class in OpenJDK would\nincorrectly read unused image data. An attacker could use this to\nspecially construct a jpeg image file that when opened by a Java\napplication would cause a denial of service. (CVE-2017-10053)\n\nIt was discovered that the JAR verifier in OpenJDK did not\nproperly handle archives containing files missing digests.\nAn attacker could use this to modify the signed contents of\na JAR file. (CVE-2017-10067)\n\nIt was discovered that integer overflows existed in the\nHotspot component of OpenJDK when generating range check\nloop predicates. An attacker could use this to specially\nconstruct an untrusted Java application or applet that could\nescape sandbox restrictions and cause a denial of service or\npossibly execute arbitrary code. (CVE-2017-10074)\n\nIt was discovered that the JavaScript Scripting component of\nOpenJDK incorrectly allowed access to Java APIs. An attacker\ncould use this to specially craft JavaScript code to bypass\naccess restrictions. (CVE-2017-10078)\n\nIt was discovered that OpenJDK did not properly process\nparentheses in function signatures. An attacker could use\nthis to specially construct an untrusted Java application or\napplet that could escape sandbox restrictions.\n(CVE-2017-10081)\n\nIt was discovered that the ThreadPoolExecutor class in\nOpenJDK did not properly perform access control checks when\ncleaning up threads. An attacker could use this to specially\nconstruct an untrusted Java application or applet that could\nescape sandbox restrictions and possibly execute arbitrary\ncode. (CVE-2017-10087)\n\nIt was discovered that the ServiceRegistry implementation in\nOpenJDK did not perform access control checks in certain\nsituations. An attacker could use this to specially\nconstruct an untrusted Java application or applet that\nescaped sandbox restrictions. (CVE-2017-10089)\n\nIt was discovered that the channel groups implementation in\nOpenJDK did not properly perform access control checks in\nsome situations. An attacker could use this to specially\nconstruct an untrusted Java application or applet that could\nescape sandbox restrictions. (CVE-2017-10090)\n\nIt was discovered that the DTM exception handling code in\nthe JAXP component of OpenJDK did not properly perform\naccess control checks. An attacker could use this to\nspecially construct an untrusted Java application or applet\nthat could escape sandbox restrictions. (CVE-2017-10096)\n\nIt was discovered that the JAXP component of OpenJDK\nincorrectly granted access to some internal resolvers. An\nattacker could use this to specially construct an untrusted\nJava application or applet that could escape sandbox\nrestrictions. (CVE-2017-10101)\n\nIt was discovered that the Distributed Garbage Collector\n(DGC) in OpenJDK did not properly track references in some\nsituations. A remote attacker could possibly use this to\nexecute arbitrary code. (CVE-2017-10102)\n\nIt was discovered that the Activation ID implementation in\nthe RMI component of OpenJDK did not properly check access\ncontrol permissions in some situations. An attacker could\nuse this to specially construct an untrusted Java\napplication or applet that could escape sandbox\nrestrictions. (CVE-2017-10107)\n\nIt was discovered that the BasicAttribute class in OpenJDK\ndid not properly bound memory allocation when de-serializing\nobjects. An attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-10108)\n\nIt was discovered that the CodeSource class in OpenJDK did\nnot properly bound memory allocations when de-serializing\nobject instances. An attacker could use this to cause a\ndenial of service (memory consumption). (CVE-2017-10109)\n\nIt was discovered that the AWT ImageWatched class in OpenJDK\ndid not properly perform access control checks, An attacker\ncould use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions\n(CVE-2017-10110)\n\nJackson Davis discovered that the LambdaFormEditor class in\nthe Libraries component of OpenJDK did not correctly perform\nbounds checks in the permuteArgumentsForm() function. An\nattacker could use this to specially construct an untrusted\nJava application or applet that could escape sandbox\nrestrictions and possibly execute arbitrary code.\n(CVE-2017-10111)\n\nIt was discovered that a timing side-channel vulnerability\nexisted in the DSA implementation in OpenJDK. An attacker\ncould use this to expose sensitive information.\n(CVE-2017-10115)\n\nIt was discovered that the LDAP implementation in OpenJDK\nincorrectly followed references to non-LDAP URLs. An\nattacker could use this to specially craft an LDAP referral\nURL that exposes sensitive information or bypass access\nrestrictions. (CVE-2017-10116)\n\nIt was discovered that a timing side-channel vulnerability\nexisted in the ECDSA implementation in OpenJDK. An attacker\ncould use this to expose sensitive information.\n(CVE-2017-10118)\n\nIlya Maykov discovered that a timing side-channel\nvulnerability existed in the PKCS#8 implementation in\nOpenJDK. An attacker could use this to expose sensitive\ninformation. (CVE-2017-10135)\n\nIt was discovered that the Elliptic Curve (EC)\nimplementation in OpenJDK did not properly compute certain\nelliptic curve points. An attacker could use this to expose\nsensitive information. (CVE-2017-10176)\n\nIt was discovered that OpenJDK did not properly restrict\nweak key sizes in some situations. An attacker could use\nthis to specially construct an untrusted Java application or\napplet that could escape sandbox restrictions.\n(CVE-2017-10193)\n\nIt was discovered that OpenJDK did not properly enforce\ndisabled algorithm restrictions on X.509 certificate chains.\nAn attacker could use this to expose sensitive information\nor escape sandbox restrictions. (CVE-2017-10198)\n\nIt was discovered that OpenJDK did not properly perform\naccess control checks when handling Web Service Definition\nLanguage (WSDL) XML documents. An attacker could use this to\nexpose sensitive information. (CVE-2017-10243).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3366-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre\", pkgver:\"8u131-b11-2ubuntu1.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-headless\", pkgver:\"8u131-b11-2ubuntu1.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-jamvm\", pkgver:\"8u131-b11-2ubuntu1.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"openjdk-8-jre-zero\", pkgver:\"8u131-b11-2ubuntu1.16.04.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jre\", pkgver:\"8u131-b11-2ubuntu1.17.04.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jre-headless\", pkgver:\"8u131-b11-2ubuntu1.17.04.3\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"openjdk-8-jre-zero\", pkgver:\"8u131-b11-2ubuntu1.17.04.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openjdk-8-jre / openjdk-8-jre-headless / openjdk-8-jre-jamvm / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:16", "description": "An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)\n\n* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)\n\n* It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)\n\n* It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak information. (CVE-2017-10243)\n\n* A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)\n\n* A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)\n\n* It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n* A flaw was found in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2017-10081)\n\n* It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory.\n(CVE-2017-10053)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2017-2424)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10135", "CVE-2017-10243"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-demo", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-devel", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-src", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-2424.NASL", "href": "https://www.tenable.com/plugins/nessus/119221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119221);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-10053\",\n \"CVE-2017-10067\",\n \"CVE-2017-10074\",\n \"CVE-2017-10081\",\n \"CVE-2017-10087\",\n \"CVE-2017-10089\",\n \"CVE-2017-10090\",\n \"CVE-2017-10096\",\n \"CVE-2017-10101\",\n \"CVE-2017-10102\",\n \"CVE-2017-10107\",\n \"CVE-2017-10108\",\n \"CVE-2017-10109\",\n \"CVE-2017-10110\",\n \"CVE-2017-10115\",\n \"CVE-2017-10116\",\n \"CVE-2017-10135\",\n \"CVE-2017-10243\"\n );\n\n script_name(english:\"Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2017-2424)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for java-1.7.0-openjdk is now available for Red Hat\nEnterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity Fix(es) :\n\n* It was discovered that the DCG implementation in the RMI component\nof OpenJDK failed to correctly handle references. A remote attacker\ncould possibly use this flaw to execute arbitrary code with the\nprivileges of RMI registry or a Java RMI application. (CVE-2017-10102)\n\n* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries,\nAWT, Hotspot, and Security components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to completely bypass Java\nsandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101,\nCVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10110,\nCVE-2017-10074, CVE-2017-10067)\n\n* It was discovered that the LDAPCertStore class in the Security\ncomponent of OpenJDK followed LDAP referrals to arbitrary URLs. A\nspecially crafted LDAP referral URL could cause LDAPCertStore to\ncommunicate with non-LDAP servers. (CVE-2017-10116)\n\n* It was discovered that the wsdlimport tool in the JAX-WS component\nof OpenJDK did not use secure XML parser settings when parsing WSDL\nXML documents. A specially crafted WSDL document could cause\nwsdlimport to use an excessive amount of CPU and memory, open\nconnections to other hosts, or leak information. (CVE-2017-10243)\n\n* A covert timing channel flaw was found in the DSA implementation in\nthe JCE component of OpenJDK. A remote attacker able to make a Java\napplication generate DSA signatures on demand could possibly use this\nflaw to extract certain information about the used key via a timing\nside channel. (CVE-2017-10115)\n\n* A covert timing channel flaw was found in the PKCS#8 implementation\nin the JCE component of OpenJDK. A remote attacker able to make a Java\napplication repeatedly compare PKCS#8 key against an attacker\ncontrolled value could possibly use this flaw to determine the key via\na timing side channel. (CVE-2017-10135)\n\n* It was discovered that the BasicAttribute and CodeSource classes in\nOpenJDK did not limit the amount of memory allocated when creating\nobject instances from a serialized form. A specially crafted\nserialized input stream could cause Java to consume an excessive\namount of memory. (CVE-2017-10108, CVE-2017-10109)\n\n* A flaw was found in the Hotspot component in OpenJDK. An untrusted\nJava application or applet could use this flaw to bypass certain Java\nsandbox restrictions. (CVE-2017-10081)\n\n* It was discovered that the JPEGImageReader implementation in the 2D\ncomponent of OpenJDK would, in certain cases, read all image data even\nif it was not used later. A specially crafted image could cause a Java\napplication to temporarily use an excessive amount of CPU and memory.\n(CVE-2017-10053)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2424.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dc4682bb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2424\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"java-1.7.0-openjdk-1.7.0.151-2.6.11.0.vl6\",\n \"java-1.7.0-openjdk-demo-1.7.0.151-2.6.11.0.vl6\",\n \"java-1.7.0-openjdk-devel-1.7.0.151-2.6.11.0.vl6\",\n \"java-1.7.0-openjdk-javadoc-1.7.0.151-2.6.11.0.vl6\",\n \"java-1.7.0-openjdk-src-1.7.0.151-2.6.11.0.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:40", "description": "An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 8 to version 8 Update 141.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:1790)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2021-03-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3"], "id": "REDHAT-RHSA-2017-1790.NASL", "href": "https://www.tenable.com/plugins/nessus/101880", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1790. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101880);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10078\", \"CVE-2017-10081\", \"CVE-2017-10086\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10105\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10111\", \"CVE-2017-10114\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10193\", \"CVE-2017-10198\", \"CVE-2017-10243\");\n script_xref(name:\"RHSA\", value:\"2017:1790\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:1790)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 8 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 8 to version 8 Update 141.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page, listed in the References\nsection. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074,\nCVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087,\nCVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101,\nCVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108,\nCVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114,\nCVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135,\nCVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76f5def7\"\n );\n # http://www.oracle.com/technetwork/java/javase/8u141-relnotes-3720385.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?755142b1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10243\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1790\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-devel-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-javafx-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-plugin-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-oracle-src-1.8.0.141-1jpp.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.141-1jpp.1.el6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-1.8.0.141-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-devel-1.8.0.141-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-javafx-1.8.0.141-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-jdbc-1.8.0.141-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-plugin-1.8.0.141-1jpp.1.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-oracle-src-1.8.0.141-1jpp.1.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-oracle / java-1.8.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:39", "description": "The version of Oracle Java SE installed on the remote host is prior to 6 Update 161, 7 Update 151, or 8 Update 141, and is therefore affected by a flaw that is triggered during object deserialization. This may allow a remote attacker to exhaust available memory and potentially cause a crash. (CVE-2017-10108, CVE-2017-10109)\n\nThese versions of Java SE are also affected by multiple vulerabilities in the following components :\n\n 2D (CVE-2017-10053), AWT (CVE-2017-10110), Deployment (CVE-2017-10105), Deployment (CVE-2017-10125), Hotspot (CVE-2017-10074, CVE-2017-10081), ImageIO (CVE-2017-10089), JAX-WS (CVE-2017-10243), JAXP (CVE-2017-10096, CVE-2017-10101), JCE (CVE-2017-10115, CVE-2017-10118, CVE-2017-10135), JavaFX (CVE-2017-10086, CVE-2017-10114), Libraries (CVE-2017-10087, CVE-2017-10090, CVE-2017-10111), RMI (CVE-2017-10102, CVE-2017-10107), Scripting (CVE-2017-10067, CVE-2017-10078), Security (CVE-2017-10116, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198)", "cvss3": {}, "published": "2017-07-26T00:00:00", "type": "nessus", "title": "Oracle Java SE 6 < Update 161 / 7 < Update 151 / 8 < Update 141 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10078", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10111", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10125", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:oracle:java_se"], "id": "700165.PRM", "href": "https://www.tenable.com/plugins/nnm/700165", "sourceData": "Binary data 700165.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:56", "description": "An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 6 to version 6 SR16-FP50.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section.\n(CVE-2017-10053, CVE-2017-10067, CVE-2017-10087, CVE-2017-10089, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243)\n\nIBM Java SDK and JRE 6 will not receive software updates after September 2017. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 7 and 8 are available via the Red Hat Enterprise Linux 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section.\n\nCustomers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures.", "cvss3": {}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.6.0-ibm (RHSA-2017:2530)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10243"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-2530.NASL", "href": "https://www.tenable.com/plugins/nessus/102775", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2530. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102775);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10105\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10243\");\n script_xref(name:\"RHSA\", value:\"2017:2530\");\n\n script_name(english:\"RHEL 6 : java-1.6.0-ibm (RHSA-2017:2530)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.6.0-ibm is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 6 to version 6 SR16-FP50.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further\ninformation about these flaws can be found on the IBM Java Security\nVulnerabilities page listed in the References section.\n(CVE-2017-10053, CVE-2017-10067, CVE-2017-10087, CVE-2017-10089,\nCVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105,\nCVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110,\nCVE-2017-10115, CVE-2017-10116, CVE-2017-10243)\n\nIBM Java SDK and JRE 6 will not receive software updates after\nSeptember 2017. This date is referred to as the End of Service (EOS)\ndate. Customers are advised to migrate to current versions of IBM Java\nat this time. IBM Java SDK and JRE versions 7 and 8 are available via\nthe Red Hat Enterprise Linux 6 Supplementary content sets and will\ncontinue to receive updates based on IBM's lifecycle policy, linked to\nin the References section.\n\nCustomers can also consider OpenJDK, an open source implementation of\nthe Java SE specification. OpenJDK is available by default on\nsupported hardware architectures.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/lifecycle/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10243\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2530\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-demo / java-1.6.0-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:33", "description": "Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS and Ubuntu 17.04 have been updated to MySQL 5.7.19.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622 .html.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3529", "CVE-2017-3633", "CVE-2017-3634", "CVE-2017-3635", "CVE-2017-3636", "CVE-2017-3637", "CVE-2017-3638", "CVE-2017-3639", "CVE-2017-3640", "CVE-2017-3641", "CVE-2017-3642", "CVE-2017-3643", "CVE-2017-3644", "CVE-2017-3645", "CVE-2017-3647", "CVE-2017-3648", "CVE-2017-3649", "CVE-2017-3650", "CVE-2017-3651", "CVE-2017-3652", "CVE-2017-3653"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3357-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3357-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101892);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-3529\", \"CVE-2017-3633\", \"CVE-2017-3634\", \"CVE-2017-3635\", \"CVE-2017-3636\", \"CVE-2017-3637\", \"CVE-2017-3638\", \"CVE-2017-3639\", \"CVE-2017-3640\", \"CVE-2017-3641\", \"CVE-2017-3642\", \"CVE-2017-3643\", \"CVE-2017-3644\", \"CVE-2017-3645\", \"CVE-2017-3647\", \"CVE-2017-3648\", \"CVE-2017-3649\", \"CVE-2017-3650\", \"CVE-2017-3651\", \"CVE-2017-3652\", \"CVE-2017-3653\");\n script_xref(name:\"USN\", value:\"3357-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in MySQL and this update\nincludes new upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 5.5.57 in Ubuntu 14.04 LTS. Ubuntu 16.04 LTS\nand Ubuntu 17.04 have been updated to MySQL 5.7.19.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-57.html\nhttp://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-19.html\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622\n.html.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3357-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected mysql-server-5.5 and / or mysql-server-5.7\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"mysql-server-5.5\", pkgver:\"5.5.57-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.19-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"mysql-server-5.7\", pkgver:\"5.7.19-0ubuntu0.17.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mysql-server-5.5 / mysql-server-5.7\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:17:26", "description": "It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053)\n\nIt was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests. An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067)\n\nIt was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code.\n(CVE-2017-10074)\n\nIt was discovered that OpenJDK did not properly process parentheses in function signatures. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081)\n\nIt was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087)\n\nIt was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions.\n(CVE-2017-10089)\n\nIt was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions.\n(CVE-2017-10090)\n\nIt was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks.\nAn attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions.\n(CVE-2017-10096)\n\nIt was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10101)\n\nIt was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations. A remote attacker could possibly use this to execute arbitrary code.\n(CVE-2017-10102)\n\nIt was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10107)\n\nIt was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10108)\n\nIt was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10109)\n\nIt was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks, An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions (CVE-2017-10110)\n\nIt was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10115)\n\nIt was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs. An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypass access restrictions. (CVE-2017-10116)\n\nIt was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10118)\n\nIlya Maykov discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-10135)\n\nIt was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points. An attacker could use this to expose sensitive information.\n(CVE-2017-10176)\n\nIt was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents. An attacker could use this to expose sensitive information.\n(CVE-2017-10243).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-08-18T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10243"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3396-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102584", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3396-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102584);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-10053\", \"CVE-2017-10067\", \"CVE-2017-10074\", \"CVE-2017-10081\", \"CVE-2017-10087\", \"CVE-2017-10089\", \"CVE-2017-10090\", \"CVE-2017-10096\", \"CVE-2017-10101\", \"CVE-2017-10102\", \"CVE-2017-10107\", \"CVE-2017-10108\", \"CVE-2017-10109\", \"CVE-2017-10110\", \"CVE-2017-10115\", \"CVE-2017-10116\", \"CVE-2017-10118\", \"CVE-2017-10135\", \"CVE-2017-10176\", \"CVE-2017-10243\");\n script_xref(name:\"USN\", value:\"3396-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3396-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the JPEGImageReader class in OpenJDK would\nincorrectly read unused image data. An attacker could use this to\nspecially construct a jpeg image file that when opened by a Java\napplication would cause a denial of service. (CVE-2017-10053)\n\nIt was discovered that the JAR verifier in OpenJDK did not properly\nhandle archives containing files missing digests. An attacker could\nuse this to modify the signed contents of a JAR file. (CVE-2017-10067)\n\nIt was discovered that integer overflows existed in the Hotspot\ncomponent of OpenJDK when generating range check loop predicates. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions and cause\na denial of service or possibly execute arbitrary code.\n(CVE-2017-10074)\n\nIt was discovered that OpenJDK did not properly process parentheses in\nfunction signatures. An attacker could use this to specially construct\nan untrusted Java application or applet that could escape sandbox\nrestrictions. (CVE-2017-10081)\n\nIt was discovered that the ThreadPoolExecutor class in OpenJDK did not\nproperly perform access control checks when cleaning up threads. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions and\npossibly execute arbitrary code. (CVE-2017-10087)\n\nIt was discovered that the ServiceRegistry implementation in OpenJDK\ndid not perform access control checks in certain situations. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that escaped sandbox restrictions.\n(CVE-2017-10089)\n\nIt was discovered that the channel groups implementation in OpenJDK\ndid not properly perform access control checks in some situations. An\nattacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions.\n(CVE-2017-10090)\n\nIt was discovered that the DTM exception handling code in the JAXP\ncomponent of OpenJDK did not properly perform access control checks.\nAn attacker could use this to specially construct an untrusted Java\napplication or applet that could escape sandbox restrictions.\n(CVE-2017-10096)\n\nIt was discovered that the JAXP component of OpenJDK incorrectly\ngranted access to some internal resolvers. An attacker could use this\nto specially construct an untrusted Java application or applet that\ncould escape sandbox restrictions. (CVE-2017-10101)\n\nIt was discovered that the Distributed Garbage Collector (DGC) in\nOpenJDK did not properly track references in some situations. A remote\nattacker could possibly use this to execute arbitrary code.\n(CVE-2017-10102)\n\nIt was discovered that the Activation ID implementation in the RMI\ncomponent of OpenJDK did not properly check access control permissions\nin some situations. An attacker could use this to specially construct\nan untrusted Java application or applet that could escape sandbox\nrestrictions. (CVE-2017-10107)\n\nIt was discovered that the BasicAttribute class in OpenJDK did not\nproperly bound memory allocation when de-serializing objects. An\nattacker could use this to cause a denial of service (memory\nconsumption). (CVE-2017-10108)\n\nIt was discovered that the CodeSource class in OpenJDK did not\nproperly bound memory allocations when de-serializing object\ninstances. An attacker could use this to cause a denial of service\n(memory consumption). (CVE-2017-10109)\n\nIt was discovered that the AWT ImageWatched class in OpenJDK did not\nproperly perform access control checks, An attacker could use this to\nspecially construct an untrusted Java application or applet that could\nescape sandbox restrictions (CVE-2017-10110)\n\nIt was discovered that a timing side-channel vulnerability existed in\nthe DSA implementation in OpenJDK. An attacker could use this to\nexpose sensitive information. (CVE-2017-10115)\n\nIt was discovered that the LDAP implementation in OpenJDK incorrectly\nfollowed references to non-LDAP URLs. An attacker could use this to\nspecially craft an LDAP referral URL that exposes sensitive\ninformation or bypass access restrictions. (CVE-2017-10116)\n\nIt was discovered that a timing side-channel vulnerability existed in\nthe ECDSA implementation in OpenJDK. An attacker could use this to\nexpose sensitive information. (CVE-2017-10118)\n\nIlya Maykov discovered that a timing side-channel vulnerability\nexisted in the PKCS#8 implementation in OpenJDK. An attacker could use\nthis to expose sensitive information. (CVE-2017-10135)\n\nIt was discovered that the Elliptic Curve (EC) implementation in\nOpenJDK did not properly compute certain elliptic curve points. An\nattacker could use this to expose sensitive information.\n(CVE-2017-10176)\n\nIt was discovered that OpenJDK did not properly perform access control\nchecks when handling Web Service Definition Language (WSDL) XML\ndocuments. An attacker could use this to expose sensitive information.\n(CVE-2017-10243).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3396-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-7-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-headless\");\n script_set_attribute(attribute:\"cpe\", v

Oracle Critical Patch Update Advisory - July 2017

Description

Related