DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2022-0437", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Critical Photon OS Security Update - PHSA-2022-0437", "description": "Updates of ['expat', 'vim'] packages of Photon OS have been released.\n", "published": "2022-02-04T00:00:00", "modified": "2022-02-04T00:00:00", "epss": [{"cve": "CVE-2021-3872", "epss": 0.00098, "percentile": 0.4055, "modified": "2023-11-27"}, {"cve": "CVE-2022-23990", "epss": 0.00319, "percentile": 0.6726, "modified": "2023-11-27"}, {"cve": "CVE-2023-34060", "epss": 0.00225, "percentile": 0.60608, "modified": "2023-11-27"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}, "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-437", "reporter": "Photon", "references": [], "cvelist": ["CVE-2021-3872", "CVE-2022-23990", "CVE-2023-34060"], "immutableFields": [], "lastseen": "2023-11-28T00:28:18", "viewCount": 12, "enchantments": {"backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0366"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-3872"]}, {"type": "amazon", "idList": ["ALAS2-2021-1728"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1636568811"]}, {"type": "cve", "idList": ["CVE-2021-3872", "CVE-2022-23990"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2904-1:6B1FD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3872", "DEBIANCVE:CVE-2022-23990"]}, {"type": "fedora", "idList": ["FEDORA:B14C530A6A1B"]}, {"type": "ibm", "idList": ["7FADB9AC7A16D1A265528BE40B3FF0B9E20AC83E8CDD1CC2CEF71A048ADB23E9"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1728.NASL", "CENTOS8_RHSA-2022-0366.NASL", "DEBIAN_DLA-2904.NASL", "EULEROS_SA-2022-1020.NASL", "EULEROS_SA-2022-1040.NASL", "ORACLELINUX_ELSA-2022-0366.NASL", "REDHAT-RHSA-2022-0366.NASL", "SUSE_SU-2022-0495-1.NASL", "SUSE_SU-2022-0498-1.NASL", "UBUNTU_USN-5147-1.NASL", "UBUNTU_USN-5288-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0366"]}, {"type": "photon", "idList": ["PHSA-2021-0121"]}, {"type": "redhat", "idList": ["RHSA-2022:0366", "RHSA-2022:0595"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3872", "RH:CVE-2022-23990"]}, {"type": "slackware", "idList": ["SSA-2022-027-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0498-1"]}, {"type": "ubuntu", "idList": ["USN-5147-1", "USN-5288-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3872", "UB:CVE-2022-23990"]}]}, "score": {"value": 1.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["PYTHON_ADVISORY.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2022:0366", "ALSA-2022:7811"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-3872", "ALPINE:CVE-2022-23990"]}, {"type": "amazon", "idList": ["ALAS-2021-1728", "ALAS-2023-1882", "ALAS2-2021-1728", "ALAS2-2023-2280"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:6028", "CBLMARINER:8328", "CBLMARINER:8334"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:29416258BCC20226C39E7519726C2141"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1636568811", "CLSA-2021:1637673150", "CLSA-2022:1660762248"]}, {"type": "cnvd", "idList": ["CNVD-2022-05073", "CNVD-2022-18358"]}, {"type": "cve", "idList": ["CVE-2021-3872", "CVE-2022-23990", "CVE-2023-34060"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2904-1:6B1FD", "DEBIAN:DLA-2947-1:D6954", "DEBIAN:DSA-5073-1:5DBA9"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3872", "DEBIANCVE:CVE-2022-23990"]}, {"type": "fedora", "idList": ["FEDORA:30BBB312BAA9", "FEDORA:4863E3093F4C", "FEDORA:6614231CDAAA", "FEDORA:B14C530A6A1B"]}, {"type": "gentoo", "idList": ["GLSA-202208-32", "GLSA-202209-24"]}, {"type": "githubexploit", "idList": ["0F38D46E-C3B6-5F27-9475-DBF7F74668A7", "83517174-9759-52CB-8458-CAA51DE6014D"]}, {"type": "hivepro", "idList": ["HIVEPRO:8F75F0DA225CCE50A996BDCCDB9B77D2"]}, {"type": "huntr", "idList": ["C958013B-1C09-4939-92CA-92F50AA169E8"]}, {"type": "ibm", "idList": ["11658B82943F87BF46821D82FF049F1A7AA8F106F757C115DA5FFA81528F34B4", "24B1AE073C3E8B032429754E1E35B7D96539587DDA275F7A13183F44D07B88D2", "282DD93A6E3023292EEECC5D5C71E8CA4F4BFF5C0BD568E1D9B9FF7EF5FE7E01", "286F1017E68DD9C537B3E204D4D56B4D99F84E2A48D5F1F80586AD9AE21FDA3E", "2CA75234CB8D0D99385B47DAFA6056AD41CFE09AABBEFA7926187EF15A001335", "3936B8A04EC944DAAF7257A17C68AFE8314E2CB24CE57A6D26C3F6B3465507AA", "67101C01C0A86209D9921850042EAF57B3DF03011AF513E21EC5D8AC221178BB", "7199608F6EB8549A244A7FADE8988B10FCD4A0AF0E4D56F74D57C92549DF269A", "74C4E670C7507D185593D212BA002D70A489B9A8CEDCBE7535320D7521666AC7", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7FADB9AC7A16D1A265528BE40B3FF0B9E20AC83E8CDD1CC2CEF71A048ADB23E9", "88F185B79FA515E1677CA12A0D4F93587D45F9DF0AEC81ADD4EB47D35E3D3634", "924B5201B90224D4E4FCB9036E1102CB7D5BE7A797128F15018694EEE4BF0091", "AF45AE274F3C5F79EF68E88411462F74F8E751163BD3F002A74B4BA937273A75", "B2BA9863226D06449093CA3EE1C2498952D69596D675FD326AEF0321DA9A7F25", "BA9B5D39E6CDB7E6135C0D40394302431395FF581B02B00FCF93D68DEE9C315B", "BBF0559C3F78F27F66312F1B19E01706BC9D31903F28A3C8BBB962D74D4C05D3", "C43852148A6225CFF816287E2B97F87D184192B94A22D197731A4C9BE8A9AD18", "CB976D35BF017123687D9AAA737C7F6FF7948965BCEB1082C1620386947D141C", "D56EBBD4671C81624AEF1C667DA00AAEE24DD2706C019B41D11E21168679B99D", "F3255C69CAE159B5EAA72A9B015DEA0E75B138B66DBE6175E93384AAD7A7BC3D"]}, {"type": "ics", "idList": ["ICSA-22-167-17", "ICSA-23-278-01"]}, {"type": "mageia", "idList": ["MGASA-2021-0535", "MGASA-2022-0048"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:0A61417A438C7DDFAF7749BDD909CF11"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-232.NASL", "AL2023_ALAS2023-2023-058.NASL", "AL2_ALAS-2021-1728.NASL", "AL2_ALAS-2023-2280.NASL", "ALA_ALAS-2023-1882.NASL", "ALMA_LINUX_ALSA-2022-0366.NASL", "ALMA_LINUX_ALSA-2022-7811.NASL", "CENTOS8_RHSA-2022-0366.NASL", "DEBIAN_DLA-2904.NASL", "DEBIAN_DLA-2947.NASL", "DEBIAN_DSA-5073.NASL", "EULEROS_SA-2021-2817.NASL", "EULEROS_SA-2021-2845.NASL", "EULEROS_SA-2021-2937.NASL", "EULEROS_SA-2022-1020.NASL", "EULEROS_SA-2022-1040.NASL", "EULEROS_SA-2022-1054.NASL", "EULEROS_SA-2022-1153.NASL", "EULEROS_SA-2022-1193.NASL", "EULEROS_SA-2022-1217.NASL", "EULEROS_SA-2022-1236.NASL", "EULEROS_SA-2022-1389.NASL", "EULEROS_SA-2022-1415.NASL", "EULEROS_SA-2022-1425.NASL", "EULEROS_SA-2022-1446.NASL", "EULEROS_SA-2022-1529.NASL", "EULEROS_SA-2022-1562.NASL", "EULEROS_SA-2022-1605.NASL", "EULEROS_SA-2022-1628.NASL", "EULEROS_SA-2022-1645.NASL", "EULEROS_SA-2022-1659.NASL", "EULEROS_SA-2022-1679.NASL", "EULEROS_SA-2022-1699.NASL", "EULEROS_SA-2022-1716.NASL", "EULEROS_SA-2022-1774.NASL", "EULEROS_SA-2022-2022.NASL", "EULEROS_SA-2022-2050.NASL", "EULEROS_SA-2022-2495.NASL", "EULEROS_SA-2022-2555.NASL", "EULEROS_SA-2023-1053.NASL", "EULEROS_SA-2023-1060.NASL", "EULEROS_SA-2023-1252.NASL", "EULEROS_SA-2023-1303.NASL", "GENTOO_GLSA-202208-32.NASL", "GENTOO_GLSA-202209-24.NASL", "NESSUS_TNS-2022-11.NASL", "NESSUS_TNS-2022-12.NASL", "NESSUS_TNS_2022_05.NASL", "NNM_6_2_1.NASL", "OPENSUSE-2022-0498-1.NASL", "OPENSUSE-2022-0736-1.NASL", "ORACLELINUX_ELSA-2022-0366.NASL", "ORACLELINUX_ELSA-2022-9227.NASL", "ORACLELINUX_ELSA-2022-9232.NASL", "REDHAT-RHSA-2022-0366.NASL", "REDHAT-RHSA-2022-7143.NASL", "REDHAT-RHSA-2022-7811.NASL", "ROCKY_LINUX_RLSA-2022-0366.NASL", "ROCKY_LINUX_RLSA-2022-7811.NASL", "SUSE_SU-2022-0495-1.NASL", "SUSE_SU-2022-0498-1.NASL", "SUSE_SU-2022-0736-1.NASL", "SUSE_SU-2022-14884-1.NASL", "SUSE_SU-2022-2102-1.NASL", "SUSE_SU-2022-4619-1.NASL", "UBUNTU_USN-5147-1.NASL", "UBUNTU_USN-5288-1.NASL", "VMWARE_CLOUD_DIRECTOR_VMSA-2023-0026.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUOCT2022", "ORACLE:CPUOCT2023"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0366", "ELSA-2022-9227", "ELSA-2022-9232"]}, {"type": "osv", "idList": ["OSV:ASB-A-221256678", "OSV:CVE-2022-23990", "OSV:DSA-5073-1"]}, {"type": "photon", "idList": ["PHSA-2016-0006", "PHSA-2016-0007", "PHSA-2017-0001", "PHSA-2017-0002", "PHSA-2017-0003", "PHSA-2017-0004", "PHSA-2017-0005", "PHSA-2017-0006", "PHSA-2017-0007", "PHSA-2017-0008", "PHSA-2017-0010", "PHSA-2017-0016", "PHSA-2017-0022", "PHSA-2017-0026", "PHSA-2017-0031", "PHSA-2017-0035", "PHSA-2017-0037", "PHSA-2017-0038", "PHSA-2017-0040", "PHSA-2017-0041", "PHSA-2017-0042", "PHSA-2017-0044", "PHSA-2017-0048", "PHSA-2017-0049", "PHSA-2017-0051", "PHSA-2017-0052", "PHSA-2017-0053", "PHSA-2017-0054", "PHSA-2017-0055", "PHSA-2017-0057", "PHSA-2017-0061", "PHSA-2017-0062", "PHSA-2017-0063", "PHSA-2017-0065", "PHSA-2017-0066", "PHSA-2017-0067", "PHSA-2017-0070", "PHSA-2017-0074", "PHSA-2017-0075", "PHSA-2017-0076", "PHSA-2017-0077", "PHSA-2017-0078", "PHSA-2017-0079", "PHSA-2017-0080", "PHSA-2017-0082", "PHSA-2017-0083", "PHSA-2017-0084", "PHSA-2017-0087", "PHSA-2017-0088", "PHSA-2017-0090", "PHSA-2017-0091", "PHSA-2017-0093", "PHSA-2017-0095", "PHSA-2018-0009", "PHSA-2018-0010", "PHSA-2018-0011", "PHSA-2018-0012", "PHSA-2018-0013", "PHSA-2018-0014", "PHSA-2018-0015", "PHSA-2018-0016", "PHSA-2018-0017", "PHSA-2018-0018", "PHSA-2018-0020", "PHSA-2018-0021", "PHSA-2018-0026", "PHSA-2018-0028", "PHSA-2018-0029", "PHSA-2018-0031", "PHSA-2018-0033", "PHSA-2018-0034", "PHSA-2018-0037", "PHSA-2018-0039", "PHSA-2018-0040", "PHSA-2018-0041", "PHSA-2018-0042", "PHSA-2018-0043", "PHSA-2018-0044", "PHSA-2018-0048", "PHSA-2018-0049", "PHSA-2018-0050", "PHSA-2018-0052", "PHSA-2018-0053", "PHSA-2018-0058", "PHSA-2018-0060", "PHSA-2018-0062", "PHSA-2018-0064", "PHSA-2018-0065", "PHSA-2018-0066", "PHSA-2018-0067", "PHSA-2018-0068", "PHSA-2018-0070", "PHSA-2018-0072", "PHSA-2018-0073", "PHSA-2018-0074", "PHSA-2018-0075", "PHSA-2018-0076", "PHSA-2018-0077", "PHSA-2018-0078", "PHSA-2018-0079", "PHSA-2018-0080", "PHSA-2018-0082", "PHSA-2018-0083", "PHSA-2018-0084", "PHSA-2018-0086", "PHSA-2018-0087", "PHSA-2018-0088", "PHSA-2018-0089", "PHSA-2018-0091", "PHSA-2018-0093", "PHSA-2018-0096", "PHSA-2018-0097", "PHSA-2018-0098", "PHSA-2018-0099", "PHSA-2018-0100", "PHSA-2018-0101", "PHSA-2018-0102", "PHSA-2018-0103", "PHSA-2018-0104", "PHSA-2018-0105", "PHSA-2018-0106", "PHSA-2018-0107", "PHSA-2018-0108", "PHSA-2018-0109", "PHSA-2018-0110", "PHSA-2018-0111", "PHSA-2018-0112", "PHSA-2018-0113", "PHSA-2018-0116", "PHSA-2018-0117", "PHSA-2018-0119", "PHSA-2018-0122", "PHSA-2018-0123", "PHSA-2018-0124", "PHSA-2018-0125", "PHSA-2018-0126", "PHSA-2018-0129", "PHSA-2018-0130", "PHSA-2018-0132", "PHSA-2018-0133", "PHSA-2018-0134", "PHSA-2018-0135", "PHSA-2018-0140", "PHSA-2018-0142", "PHSA-2018-0144", "PHSA-2018-0145", "PHSA-2018-0148", "PHSA-2018-0149", "PHSA-2018-0150", "PHSA-2018-0151", "PHSA-2018-0153", "PHSA-2018-0154", "PHSA-2018-0155", "PHSA-2018-0156", "PHSA-2018-0158", "PHSA-2018-0159", "PHSA-2018-0160", "PHSA-2018-0161", "PHSA-2018-0164", "PHSA-2018-0165", "PHSA-2018-0167", "PHSA-2018-0169", "PHSA-2018-0170", "PHSA-2018-0171", "PHSA-2018-0173", "PHSA-2018-0174", "PHSA-2018-0175", "PHSA-2018-0176", "PHSA-2018-0177", "PHSA-2018-0178", "PHSA-2018-0180", "PHSA-2018-0181", "PHSA-2018-0182", "PHSA-2018-0184", "PHSA-2018-0185", "PHSA-2018-0186", "PHSA-2018-0189", "PHSA-2018-0190", "PHSA-2018-0192", "PHSA-2018-0193", "PHSA-2018-0194", "PHSA-2018-0196", "PHSA-2018-0198", "PHSA-2018-0199", "PHSA-2018-0201", "PHSA-2019-0117", "PHSA-2019-0118", "PHSA-2019-0119", "PHSA-2019-0120", "PHSA-2019-0121", "PHSA-2019-0122", "PHSA-2019-0124", "PHSA-2019-0125", "PHSA-2019-0126", "PHSA-2019-0128", "PHSA-2019-0130", "PHSA-2019-0131", "PHSA-2019-0132", "PHSA-2019-0134", "PHSA-2019-0135", "PHSA-2019-0136", "PHSA-2019-0137", "PHSA-2019-0138", "PHSA-2019-0139", "PHSA-2019-0140", "PHSA-2019-0141", "PHSA-2019-0142", "PHSA-2019-0145", "PHSA-2019-0146", "PHSA-2019-0147", "PHSA-2019-0148", "PHSA-2019-0149", "PHSA-2019-0150", "PHSA-2019-0151", "PHSA-2019-0152", "PHSA-2019-0153", "PHSA-2019-0154", "PHSA-2019-0155", "PHSA-2019-0157", "PHSA-2019-0159", "PHSA-2019-0160", "PHSA-2019-0161", "PHSA-2019-0162", "PHSA-2019-0163", "PHSA-2019-0164", "PHSA-2019-0165", "PHSA-2019-0166", "PHSA-2019-0167", "PHSA-2019-0168", "PHSA-2019-0171", "PHSA-2019-0172", "PHSA-2019-0173", "PHSA-2019-0175", "PHSA-2019-0176", "PHSA-2019-0177", "PHSA-2019-0178", "PHSA-2019-0181", "PHSA-2019-0182", "PHSA-2019-0183", "PHSA-2019-0184", "PHSA-2019-0185", "PHSA-2019-0186", "PHSA-2019-0187", "PHSA-2019-0189", "PHSA-2019-0190", "PHSA-2019-0191", "PHSA-2019-0192", "PHSA-2019-0193", "PHSA-2019-0194", "PHSA-2019-0195", "PHSA-2019-0196", "PHSA-2019-0197", "PHSA-2019-0198", "PHSA-2019-0199", "PHSA-2019-0202", "PHSA-2019-0203", "PHSA-2019-0204", "PHSA-2019-0205", "PHSA-2019-0206", "PHSA-2019-0207", "PHSA-2019-0208", "PHSA-2019-0209", "PHSA-2019-0211", "PHSA-2019-0212", "PHSA-2019-0213", "PHSA-2019-0214", "PHSA-2019-0215", "PHSA-2019-0216", "PHSA-2019-0218", "PHSA-2019-0220", "PHSA-2019-0221", "PHSA-2019-0222", "PHSA-2019-0223", "PHSA-2019-0224", "PHSA-2019-0225", "PHSA-2019-0226", "PHSA-2019-0227", "PHSA-2019-0228", "PHSA-2019-0229", "PHSA-2019-0230", "PHSA-2019-0231", "PHSA-2019-0232", "PHSA-2019-0234", "PHSA-2019-0235", "PHSA-2019-0236", "PHSA-2019-0237", "PHSA-2019-0239", "PHSA-2019-0240", "PHSA-2019-0241", "PHSA-2019-0242", "PHSA-2019-0243", "PHSA-2019-0244", "PHSA-2019-0245", "PHSA-2019-0246", "PHSA-2019-0247", "PHSA-2019-0248", "PHSA-2019-0249", "PHSA-2019-0250", "PHSA-2019-0251", "PHSA-2019-0252", "PHSA-2019-0253", "PHSA-2019-0254", "PHSA-2019-0255", "PHSA-2019-0256", "PHSA-2019-0257", "PHSA-2019-0259", "PHSA-2019-0260", "PHSA-2019-0261", "PHSA-2019-0262", "PHSA-2019-0263", "PHSA-2019-3.0-0001", "PHSA-2019-3.0-0002", "PHSA-2019-3.0-0003", "PHSA-2019-3.0-0004", "PHSA-2019-3.0-0006", "PHSA-2019-3.0-0007", "PHSA-2019-3.0-0008", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0010", "PHSA-2019-3.0-0011", "PHSA-2019-3.0-0012", "PHSA-2019-3.0-0013", "PHSA-2019-3.0-0014", "PHSA-2019-3.0-0015", "PHSA-2019-3.0-0016", "PHSA-2019-3.0-0017", "PHSA-2019-3.0-0018", "PHSA-2019-3.0-0019", "PHSA-2019-3.0-0020", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0022", "PHSA-2019-3.0-0023", "PHSA-2019-3.0-0024", "PHSA-2019-3.0-0025", "PHSA-2019-3.0-0026", "PHSA-2019-3.0-0027", "PHSA-2019-3.0-0028", "PHSA-2019-3.0-0030", "PHSA-2019-3.0-0031", "PHSA-2019-3.0-0032", "PHSA-2019-3.0-0033", "PHSA-2019-3.0-0034", "PHSA-2019-3.0-0035", "PHSA-2019-3.0-0036", "PHSA-2019-3.0-0037", "PHSA-2019-3.0-0038", "PHSA-2019-3.0-0039", "PHSA-2019-3.0-0041", "PHSA-2019-3.0-0043", "PHSA-2019-3.0-0044", "PHSA-2019-3.0-0045", "PHSA-2019-3.0-0046", "PHSA-2020-0200", "PHSA-2020-0201", "PHSA-2020-0202", "PHSA-2020-0203", "PHSA-2020-0204", "PHSA-2020-0205", "PHSA-2020-0207", "PHSA-2020-0208", "PHSA-2020-0209", "PHSA-2020-0210", "PHSA-2020-0211", "PHSA-2020-0212", "PHSA-2020-0213", "PHSA-2020-0214", "PHSA-2020-0216", "PHSA-2020-0217", "PHSA-2020-0218", "PHSA-2020-0219", "PHSA-2020-0220", "PHSA-2020-0221", "PHSA-2020-0222", "PHSA-2020-0223", "PHSA-2020-0224", "PHSA-2020-0225", "PHSA-2020-0226", "PHSA-2020-0227", "PHSA-2020-0228", "PHSA-2020-0229", "PHSA-2020-0230", "PHSA-2020-0231", "PHSA-2020-0233", "PHSA-2020-0234", "PHSA-2020-0235", "PHSA-2020-0236", "PHSA-2020-0237", "PHSA-2020-0238", "PHSA-2020-0239", "PHSA-2020-0240", "PHSA-2020-0241", "PHSA-2020-0242", "PHSA-2020-0243", "PHSA-2020-0244", "PHSA-2020-0245", "PHSA-2020-0246", "PHSA-2020-0247", "PHSA-2020-0248", "PHSA-2020-0249", "PHSA-2020-0251", "PHSA-2020-0252", "PHSA-2020-0253", "PHSA-2020-0254", "PHSA-2020-0255", "PHSA-2020-0256", "PHSA-2020-0257", "PHSA-2020-0258", "PHSA-2020-0259", "PHSA-2020-0260", "PHSA-2020-0261", "PHSA-2020-0262", "PHSA-2020-0263", "PHSA-2020-0264", "PHSA-2020-0265", "PHSA-2020-0266", "PHSA-2020-0267", "PHSA-2020-0268", "PHSA-2020-0269", "PHSA-2020-0270", "PHSA-2020-0271", "PHSA-2020-0272", "PHSA-2020-0273", "PHSA-2020-0274", "PHSA-2020-0275", "PHSA-2020-0276", "PHSA-2020-0277", "PHSA-2020-0278", "PHSA-2020-0279", "PHSA-2020-0280", "PHSA-2020-0281", "PHSA-2020-0282", "PHSA-2020-0283", "PHSA-2020-0284", "PHSA-2020-0285", "PHSA-2020-0286", "PHSA-2020-0287", "PHSA-2020-0288", "PHSA-2020-0289", "PHSA-2020-0290", "PHSA-2020-0291", "PHSA-2020-0292", "PHSA-2020-0293", "PHSA-2020-0294", "PHSA-2020-0295", "PHSA-2020-0296", "PHSA-2020-0297", "PHSA-2020-0298", "PHSA-2020-0299", "PHSA-2020-0300", "PHSA-2020-0301", "PHSA-2020-0302", "PHSA-2020-0303", "PHSA-2020-0304", "PHSA-2020-0305", "PHSA-2020-0306", "PHSA-2020-0307", "PHSA-2020-0308", "PHSA-2020-0309", "PHSA-2020-0310", "PHSA-2020-0311", "PHSA-2020-0312", "PHSA-2020-0313", "PHSA-2020-0314", "PHSA-2020-0315", "PHSA-2020-0316", "PHSA-2020-0318", "PHSA-2020-0319", "PHSA-2020-0320", "PHSA-2020-0321", "PHSA-2020-0322", "PHSA-2020-0323", "PHSA-2020-0324", "PHSA-2020-0325", "PHSA-2020-0326", "PHSA-2020-0327", "PHSA-2020-0328", "PHSA-2020-0329", "PHSA-2020-0330", "PHSA-2020-0331", "PHSA-2020-0332", "PHSA-2020-0333", "PHSA-2020-0334", "PHSA-2020-0335", "PHSA-2020-0338", "PHSA-2020-0339", "PHSA-2020-0340", "PHSA-2020-0343", "PHSA-2020-0345", "PHSA-2020-0346", "PHSA-2020-0348", "PHSA-2020-0349", "PHSA-2020-0350", "PHSA-2020-3.0-0047", "PHSA-2020-3.0-0048", "PHSA-2020-3.0-0049", "PHSA-2020-3.0-0051", "PHSA-2020-3.0-0052", "PHSA-2020-3.0-0053", "PHSA-2020-3.0-0054", "PHSA-2020-3.0-0055", "PHSA-2020-3.0-0057", "PHSA-2020-3.0-0058", "PHSA-2020-3.0-0059", "PHSA-2020-3.0-0060", "PHSA-2020-3.0-0063", "PHSA-2020-3.0-0065", "PHSA-2020-3.0-0067", "PHSA-2020-3.0-0068", "PHSA-2020-3.0-0069", "PHSA-2020-3.0-0072", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0077", "PHSA-2020-3.0-0078", "PHSA-2020-3.0-0079", "PHSA-2020-3.0-0080", "PHSA-2020-3.0-0081", "PHSA-2020-3.0-0082", "PHSA-2020-3.0-0083", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0085", "PHSA-2020-3.0-0086", "PHSA-2020-3.0-0087", "PHSA-2020-3.0-0088", "PHSA-2020-3.0-0089", "PHSA-2020-3.0-0090", "PHSA-2020-3.0-0091", "PHSA-2020-3.0-0093", "PHSA-2020-3.0-0096", "PHSA-2020-3.0-0097", "PHSA-2020-3.0-0098", "PHSA-2020-3.0-0099", "PHSA-2020-3.0-0100", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0102", "PHSA-2020-3.0-0103", "PHSA-2020-3.0-0104", "PHSA-2020-3.0-0105", "PHSA-2020-3.0-0106", "PHSA-2020-3.0-0108", "PHSA-2020-3.0-0109", "PHSA-2020-3.0-0111", "PHSA-2020-3.0-0113", "PHSA-2020-3.0-0114", "PHSA-2020-3.0-0115", "PHSA-2020-3.0-0116", "PHSA-2020-3.0-0118", "PHSA-2020-3.0-0119", "PHSA-2020-3.0-0120", "PHSA-2020-3.0-0123", "PHSA-2020-3.0-0125", "PHSA-2020-3.0-0126", "PHSA-2020-3.0-0127", "PHSA-2020-3.0-0129", "PHSA-2020-3.0-0130", "PHSA-2020-3.0-0131", "PHSA-2020-3.0-0133", "PHSA-2020-3.0-0134", "PHSA-2020-3.0-0135", "PHSA-2020-3.0-0137", "PHSA-2020-3.0-0138", "PHSA-2020-3.0-0139", "PHSA-2020-3.0-0140", "PHSA-2020-3.0-0141", "PHSA-2020-3.0-0142", "PHSA-2020-3.0-0144", "PHSA-2020-3.0-0145", "PHSA-2020-3.0-0146", "PHSA-2020-3.0-0147", "PHSA-2020-3.0-0150", "PHSA-2020-3.0-0151", "PHSA-2020-3.0-0152", "PHSA-2020-3.0-0153", "PHSA-2020-3.0-0155", "PHSA-2020-3.0-0158", "PHSA-2020-3.0-0160", "PHSA-2020-3.0-0161", "PHSA-2020-3.0-0162", "PHSA-2020-3.0-0163", "PHSA-2020-3.0-0164", "PHSA-2020-3.0-0165", "PHSA-2020-3.0-0166", "PHSA-2020-3.0-0168", "PHSA-2020-3.0-0171", "PHSA-2020-3.0-0172", "PHSA-2020-3.0-0173", "PHSA-2020-3.0-0174", "PHSA-2020-3.0-0175", "PHSA-2020-3.0-0176", "PHSA-2020-3.0-0177", "PHSA-2020-3.0-0179", "PHSA-2020-3.0-0180", "PHSA-2021-0121", "PHSA-2021-0308", "PHSA-2021-0310", "PHSA-2021-0312", "PHSA-2021-0313", "PHSA-2021-0314", "PHSA-2021-0315", "PHSA-2021-0317", "PHSA-2021-0318", "PHSA-2021-0319", "PHSA-2021-0320", "PHSA-2021-0321", "PHSA-2021-0322", "PHSA-2021-0323", "PHSA-2021-0325", "PHSA-2021-0326", "PHSA-2021-0327", "PHSA-2021-0328", "PHSA-2021-0329", "PHSA-2021-0330", "PHSA-2021-0331", "PHSA-2021-0332", "PHSA-2021-0333", "PHSA-2021-0334", "PHSA-2021-0335", "PHSA-2021-0336", "PHSA-2021-0337", "PHSA-2021-0338", "PHSA-2021-0339", "PHSA-2021-0340", "PHSA-2021-0341", "PHSA-2021-0342", "PHSA-2021-0343", "PHSA-2021-0344", "PHSA-2021-0347", "PHSA-2021-0348", "PHSA-2021-0349", "PHSA-2021-0350", "PHSA-2021-0351", "PHSA-2021-0352", "PHSA-2021-0353", "PHSA-2021-0354", "PHSA-2021-0355", "PHSA-2021-0356", "PHSA-2021-0357", "PHSA-2021-0358", "PHSA-2021-0359", "PHSA-2021-0360", "PHSA-2021-0361", "PHSA-2021-0362", "PHSA-2021-0363", "PHSA-2021-0364", "PHSA-2021-0365", "PHSA-2021-0366", "PHSA-2021-0367", "PHSA-2021-0368", "PHSA-2021-0369", "PHSA-2021-0370", "PHSA-2021-0371", "PHSA-2021-0372", "PHSA-2021-0373", "PHSA-2021-0374", "PHSA-2021-0375", "PHSA-2021-0376", "PHSA-2021-0377", "PHSA-2021-0378", "PHSA-2021-0379", "PHSA-2021-0380", "PHSA-2021-0381", "PHSA-2021-0382", "PHSA-2021-0383", "PHSA-2021-0384", "PHSA-2021-0385", "PHSA-2021-0386", "PHSA-2021-0387", "PHSA-2021-0388", "PHSA-2021-0390", "PHSA-2021-0391", "PHSA-2021-0392", "PHSA-2021-0393", "PHSA-2021-0394", "PHSA-2021-0395", "PHSA-2021-0396", "PHSA-2021-0397", "PHSA-2021-0398", "PHSA-2021-0399", "PHSA-2021-0400", "PHSA-2021-0401", "PHSA-2021-0402", "PHSA-2021-0403", "PHSA-2021-0404", "PHSA-2021-0405", "PHSA-2021-0406", "PHSA-2021-0407", "PHSA-2021-0408", "PHSA-2021-0409", "PHSA-2021-0410", "PHSA-2021-0412", "PHSA-2021-0413", "PHSA-2021-0414", "PHSA-2021-0415", "PHSA-2021-0416", "PHSA-2021-0417", "PHSA-2021-0418", "PHSA-2021-0419", "PHSA-2021-0420", "PHSA-2021-0421", "PHSA-2021-0422", "PHSA-2021-0423", "PHSA-2021-0424", "PHSA-2021-0426", "PHSA-2021-0427", "PHSA-2021-0428", "PHSA-2021-0429", "PHSA-2021-0430", "PHSA-2021-0431", "PHSA-2021-0432", "PHSA-2021-0433", "PHSA-2021-0434", "PHSA-2021-0435", "PHSA-2021-0436", "PHSA-2021-0437", "PHSA-2021-0438", "PHSA-2021-0439", "PHSA-2021-0440", "PHSA-2021-0442", "PHSA-2021-0443", "PHSA-2021-0444", "PHSA-2021-0445", "PHSA-2021-0446", "PHSA-2021-0447", "PHSA-2021-0448", "PHSA-2021-0449", "PHSA-2021-0452", "PHSA-2021-0454", "PHSA-2021-0455", "PHSA-2021-0458", "PHSA-2021-0459", "PHSA-2021-0461", "PHSA-2021-3.0-0181", "PHSA-2021-3.0-0182", "PHSA-2021-3.0-0185", "PHSA-2021-3.0-0186", "PHSA-2021-3.0-0188", "PHSA-2021-3.0-0189", "PHSA-2021-3.0-0190", "PHSA-2021-3.0-0192", "PHSA-2021-3.0-0193", "PHSA-2021-3.0-0196", "PHSA-2021-3.0-0197", "PHSA-2021-3.0-0200", "PHSA-2021-3.0-0201", "PHSA-2021-3.0-0202", "PHSA-2021-3.0-0203", "PHSA-2021-3.0-0204", "PHSA-2021-3.0-0207", "PHSA-2021-3.0-0208", "PHSA-2021-3.0-0209", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0213", "PHSA-2021-3.0-0214", "PHSA-2021-3.0-0215", "PHSA-2021-3.0-0219", "PHSA-2021-3.0-0220", "PHSA-2021-3.0-0221", "PHSA-2021-3.0-0223", "PHSA-2021-3.0-0226", "PHSA-2021-3.0-0227", "PHSA-2021-3.0-0228", "PHSA-2021-3.0-0229", "PHSA-2021-3.0-0230", "PHSA-2021-3.0-0231", "PHSA-2021-3.0-0232", "PHSA-2021-3.0-0233", "PHSA-2021-3.0-0234", "PHSA-2021-3.0-0235", "PHSA-2021-3.0-0236", "PHSA-2021-3.0-0237", "PHSA-2021-3.0-0239", "PHSA-2021-3.0-0240", "PHSA-2021-3.0-0241", "PHSA-2021-3.0-0243", "PHSA-2021-3.0-0244", "PHSA-2021-3.0-0246", "PHSA-2021-3.0-0247", "PHSA-2021-3.0-0248", "PHSA-2021-3.0-0249", "PHSA-2021-3.0-0251", "PHSA-2021-3.0-0253", "PHSA-2021-3.0-0254", "PHSA-2021-3.0-0255", "PHSA-2021-3.0-0257", "PHSA-2021-3.0-0258", "PHSA-2021-3.0-0259", "PHSA-2021-3.0-0261", "PHSA-2021-3.0-0262", "PHSA-2021-3.0-0263", "PHSA-2021-3.0-0265", "PHSA-2021-3.0-0266", "PHSA-2021-3.0-0268", "PHSA-2021-3.0-0269", "PHSA-2021-3.0-0270", "PHSA-2021-3.0-0272", "PHSA-2021-3.0-0273", "PHSA-2021-3.0-0274", "PHSA-2021-3.0-0276", "PHSA-2021-3.0-0277", "PHSA-2021-3.0-0278", "PHSA-2021-3.0-0279", "PHSA-2021-3.0-0280", "PHSA-2021-3.0-0281", "PHSA-2021-3.0-0282", "PHSA-2021-3.0-0283", "PHSA-2021-3.0-0286", "PHSA-2021-3.0-0288", "PHSA-2021-3.0-0290", "PHSA-2021-3.0-0292", "PHSA-2021-3.0-0293", "PHSA-2021-3.0-0294", "PHSA-2021-3.0-0295", "PHSA-2021-3.0-0298", "PHSA-2021-3.0-0299", "PHSA-2021-3.0-0300", "PHSA-2021-3.0-0301", "PHSA-2021-3.0-0302", "PHSA-2021-3.0-0303", "PHSA-2021-3.0-0305", "PHSA-2021-3.0-0308", "PHSA-2021-3.0-0309", "PHSA-2021-3.0-0311", "PHSA-2021-3.0-0312", "PHSA-2021-3.0-0313", "PHSA-2021-3.0-0314", "PHSA-2021-3.0-0316", "PHSA-2021-3.0-0320", "PHSA-2021-3.0-0321", "PHSA-2021-3.0-0322", "PHSA-2021-3.0-0324", "PHSA-2021-3.0-0325", "PHSA-2021-3.0-0327", "PHSA-2021-3.0-0334", "PHSA-2021-3.0-0336", "PHSA-2021-3.0-0337", "PHSA-2021-3.0-0338", "PHSA-2021-3.0-0341", "PHSA-2021-3.0-0342", "PHSA-2021-3.0-0344", "PHSA-2021-3.0-0345", "PHSA-2021-3.0-0346", "PHSA-2021-4.0-0001", "PHSA-2021-4.0-0003", "PHSA-2021-4.0-0004", "PHSA-2021-4.0-0005", "PHSA-2021-4.0-0006", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0008", "PHSA-2021-4.0-0009", "PHSA-2021-4.0-0010", "PHSA-2021-4.0-0011", "PHSA-2021-4.0-0012", "PHSA-2021-4.0-0013", "PHSA-2021-4.0-0014", "PHSA-2021-4.0-0015", "PHSA-2021-4.0-0016", "PHSA-2021-4.0-0017", "PHSA-2021-4.0-0018", "PHSA-2021-4.0-0019", "PHSA-2021-4.0-0022", "PHSA-2021-4.0-0023", "PHSA-2021-4.0-0024", "PHSA-2021-4.0-0026", "PHSA-2021-4.0-0027", "PHSA-2021-4.0-0028", "PHSA-2021-4.0-0029", "PHSA-2021-4.0-0030", "PHSA-2021-4.0-0031", "PHSA-2021-4.0-0032", "PHSA-2021-4.0-0033", "PHSA-2021-4.0-0034", "PHSA-2021-4.0-0035", "PHSA-2021-4.0-0036", "PHSA-2021-4.0-0037", "PHSA-2021-4.0-0038", "PHSA-2021-4.0-0039", "PHSA-2021-4.0-0041", "PHSA-2021-4.0-0043", "PHSA-2021-4.0-0046", "PHSA-2021-4.0-0047", "PHSA-2021-4.0-0048", "PHSA-2021-4.0-0050", "PHSA-2021-4.0-0051", "PHSA-2021-4.0-0052", "PHSA-2021-4.0-0054", "PHSA-2021-4.0-0055", "PHSA-2021-4.0-0058", "PHSA-2021-4.0-0059", "PHSA-2021-4.0-0060", "PHSA-2021-4.0-0062", "PHSA-2021-4.0-0063", "PHSA-2021-4.0-0064", "PHSA-2021-4.0-0065", "PHSA-2021-4.0-0066", "PHSA-2021-4.0-0068", "PHSA-2021-4.0-0069", "PHSA-2021-4.0-0072", "PHSA-2021-4.0-0073", "PHSA-2021-4.0-0074", "PHSA-2021-4.0-0075", "PHSA-2021-4.0-0076", "PHSA-2021-4.0-0077", "PHSA-2021-4.0-0078", "PHSA-2021-4.0-0079", "PHSA-2021-4.0-0081", "PHSA-2021-4.0-0083", "PHSA-2021-4.0-0084", "PHSA-2021-4.0-0085", "PHSA-2021-4.0-0086", "PHSA-2021-4.0-0090", "PHSA-2021-4.0-0091", "PHSA-2021-4.0-0092", "PHSA-2021-4.0-0093", "PHSA-2021-4.0-0094", "PHSA-2021-4.0-0095", "PHSA-2021-4.0-0096", "PHSA-2021-4.0-0099", "PHSA-2021-4.0-0100", "PHSA-2021-4.0-0101", "PHSA-2021-4.0-0102", "PHSA-2021-4.0-0104", "PHSA-2021-4.0-0105", "PHSA-2021-4.0-0109", "PHSA-2021-4.0-0110", "PHSA-2021-4.0-0112", "PHSA-2021-4.0-0113", "PHSA-2021-4.0-0115", "PHSA-2021-4.0-0116", "PHSA-2021-4.0-0118", "PHSA-2021-4.0-0119", "PHSA-2021-4.0-0121", "PHSA-2021-4.0-0122", "PHSA-2021-4.0-0123", "PHSA-2021-4.0-0124", "PHSA-2021-4.0-0126", "PHSA-2021-4.0-0127", "PHSA-2021-4.0-0129", "PHSA-2021-4.0-0130", "PHSA-2021-4.0-0135", "PHSA-2021-4.0-0138", "PHSA-2021-4.0-0139", "PHSA-2021-4.0-0140", "PHSA-2021-4.0-0141", "PHSA-2022-0153", "PHSA-2022-0358", "PHSA-2022-0429", "PHSA-2022-0431", "PHSA-2022-0432", "PHSA-2022-0433", "PHSA-2022-0434", "PHSA-2022-0435", "PHSA-2022-0436", "PHSA-2022-0439", "PHSA-2022-0440", "PHSA-2022-0441", "PHSA-2022-0442", "PHSA-2022-0443", "PHSA-2022-0444", "PHSA-2022-0445", "PHSA-2022-0446", "PHSA-2022-0447", "PHSA-2022-0448", "PHSA-2022-0449", "PHSA-2022-0450", "PHSA-2022-0451", "PHSA-2022-0452", "PHSA-2022-0453", "PHSA-2022-0454", "PHSA-2022-0455", "PHSA-2022-0456", "PHSA-2022-0457", "PHSA-2022-0458", "PHSA-2022-0459", "PHSA-2022-0460", "PHSA-2022-0461", "PHSA-2022-0462", "PHSA-2022-0463", "PHSA-2022-0464", "PHSA-2022-0465", "PHSA-2022-0466", "PHSA-2022-0467", "PHSA-2022-0468", "PHSA-2022-0469", "PHSA-2022-0470", "PHSA-2022-0471", "PHSA-2022-0472", "PHSA-2022-0473", "PHSA-2022-0474", "PHSA-2022-0475", "PHSA-2022-0476", "PHSA-2022-0477", "PHSA-2022-0478", "PHSA-2022-0479", "PHSA-2022-0480", "PHSA-2022-0481", "PHSA-2022-0482", "PHSA-2022-0483", "PHSA-2022-0484", "PHSA-2022-0485", "PHSA-2022-0486", "PHSA-2022-0487", "PHSA-2022-0488", "PHSA-2022-0489", "PHSA-2022-0490", "PHSA-2022-0491", "PHSA-2022-0492", "PHSA-2022-0493", "PHSA-2022-0494", "PHSA-2022-0495", "PHSA-2022-0496", "PHSA-2022-0497", "PHSA-2022-0498", "PHSA-2022-0499", "PHSA-2022-0501", "PHSA-2022-0502", "PHSA-2022-0503", "PHSA-2022-0504", "PHSA-2022-0506", "PHSA-2022-0508", "PHSA-2022-0509", "PHSA-2022-0510", "PHSA-2022-0511", "PHSA-2022-0512", "PHSA-2022-0513", "PHSA-2022-0514", "PHSA-2022-0515", "PHSA-2022-0516", "PHSA-2022-0517", "PHSA-2022-0518", "PHSA-2022-0519", "PHSA-2022-0520", "PHSA-2022-0522", "PHSA-2022-0523", "PHSA-2022-0524", "PHSA-2022-0525", "PHSA-2022-0526", "PHSA-2022-0527", "PHSA-2022-0528", "PHSA-2022-0529", "PHSA-2022-0530", "PHSA-2022-0531", "PHSA-2022-0532", "PHSA-2022-0533", "PHSA-2022-0534", "PHSA-2022-0536", "PHSA-2022-0538", "PHSA-2022-0540", "PHSA-2022-0541", "PHSA-2022-0542", "PHSA-2022-0543", "PHSA-2022-0546", "PHSA-2022-0547", "PHSA-2022-0550", "PHSA-2022-0551", "PHSA-2022-3.0-0347", "PHSA-2022-3.0-0348", "PHSA-2022-3.0-0349", "PHSA-2022-3.0-0350", "PHSA-2022-3.0-0351", "PHSA-2022-3.0-0352", "PHSA-2022-3.0-0353", "PHSA-2022-3.0-0354", "PHSA-2022-3.0-0356", "PHSA-2022-3.0-0358", "PHSA-2022-3.0-0359", "PHSA-2022-3.0-0361", "PHSA-2022-3.0-0362", "PHSA-2022-3.0-0363", "PHSA-2022-3.0-0364", "PHSA-2022-3.0-0365", "PHSA-2022-3.0-0366", "PHSA-2022-3.0-0367", "PHSA-2022-3.0-0368", "PHSA-2022-3.0-0369", "PHSA-2022-3.0-0370", "PHSA-2022-3.0-0371", "PHSA-2022-3.0-0372", "PHSA-2022-3.0-0373", "PHSA-2022-3.0-0374", "PHSA-2022-3.0-0375", "PHSA-2022-3.0-0376", "PHSA-2022-3.0-0377", "PHSA-2022-3.0-0379", "PHSA-2022-3.0-0380", "PHSA-2022-3.0-0381", "PHSA-2022-3.0-0382", "PHSA-2022-3.0-0383", "PHSA-2022-3.0-0386", "PHSA-2022-3.0-0388", "PHSA-2022-3.0-0389", "PHSA-2022-3.0-0390", "PHSA-2022-3.0-0391", "PHSA-2022-3.0-0392", "PHSA-2022-3.0-0393", "PHSA-2022-3.0-0394", "PHSA-2022-3.0-0395", "PHSA-2022-3.0-0396", "PHSA-2022-3.0-0397", "PHSA-2022-3.0-0398", "PHSA-2022-3.0-0399", "PHSA-2022-3.0-0400", "PHSA-2022-3.0-0402", "PHSA-2022-3.0-0404", "PHSA-2022-3.0-0405", "PHSA-2022-3.0-0406", "PHSA-2022-3.0-0408", "PHSA-2022-3.0-0409", "PHSA-2022-3.0-0411", "PHSA-2022-3.0-0412", "PHSA-2022-3.0-0415", "PHSA-2022-3.0-0418", "PHSA-2022-3.0-0421", "PHSA-2022-3.0-0422", "PHSA-2022-3.0-0424", "PHSA-2022-3.0-0425", "PHSA-2022-3.0-0426", "PHSA-2022-3.0-0428", "PHSA-2022-3.0-0429", "PHSA-2022-3.0-0430", "PHSA-2022-3.0-0431", "PHSA-2022-3.0-0433", "PHSA-2022-3.0-0434", "PHSA-2022-3.0-0436", "PHSA-2022-3.0-0437", "PHSA-2022-3.0-0440", "PHSA-2022-3.0-0441", "PHSA-2022-3.0-0442", "PHSA-2022-3.0-0443", "PHSA-2022-3.0-0444", "PHSA-2022-3.0-0445", "PHSA-2022-3.0-0446", "PHSA-2022-3.0-0447", "PHSA-2022-3.0-0449", "PHSA-2022-3.0-0450", "PHSA-2022-3.0-0451", "PHSA-2022-3.0-0452", "PHSA-2022-3.0-0453", "PHSA-2022-3.0-0455", "PHSA-2022-3.0-0456", "PHSA-2022-3.0-0458", "PHSA-2022-3.0-0459", "PHSA-2022-3.0-0461", "PHSA-2022-3.0-0462", "PHSA-2022-3.0-0463", "PHSA-2022-3.0-0464", "PHSA-2022-3.0-0465", "PHSA-2022-3.0-0470", "PHSA-2022-3.0-0471", "PHSA-2022-3.0-0473", "PHSA-2022-3.0-0474", "PHSA-2022-3.0-0476", "PHSA-2022-3.0-0477", "PHSA-2022-3.0-0478", "PHSA-2022-3.0-0479", "PHSA-2022-3.0-0480", "PHSA-2022-3.0-0481", "PHSA-2022-3.0-0483", "PHSA-2022-3.0-0485", "PHSA-2022-3.0-0486", "PHSA-2022-3.0-0487", "PHSA-2022-3.0-0488", "PHSA-2022-3.0-0489", "PHSA-2022-3.0-0491", "PHSA-2022-3.0-0493", "PHSA-2022-3.0-0499", "PHSA-2022-3.0-0500", "PHSA-2022-3.0-0502", "PHSA-2022-3.0-0504", "PHSA-2022-3.0-0505", "PHSA-2022-3.0-0507", "PHSA-2022-3.0-0508", "PHSA-2022-3.0-0509", "PHSA-2022-4.0-0142", "PHSA-2022-4.0-0143", "PHSA-2022-4.0-0144", "PHSA-2022-4.0-0145", "PHSA-2022-4.0-0146", "PHSA-2022-4.0-0147", "PHSA-2022-4.0-0148", "PHSA-2022-4.0-0149", "PHSA-2022-4.0-0151", "PHSA-2022-4.0-0152", "PHSA-2022-4.0-0153", "PHSA-2022-4.0-0154", "PHSA-2022-4.0-0155", "PHSA-2022-4.0-0156", "PHSA-2022-4.0-0157", "PHSA-2022-4.0-0158", "PHSA-2022-4.0-0159", "PHSA-2022-4.0-0160", "PHSA-2022-4.0-0161", "PHSA-2022-4.0-0162", "PHSA-2022-4.0-0163", "PHSA-2022-4.0-0164", "PHSA-2022-4.0-0165", "PHSA-2022-4.0-0166", "PHSA-2022-4.0-0167", "PHSA-2022-4.0-0168", "PHSA-2022-4.0-0169", "PHSA-2022-4.0-0170", "PHSA-2022-4.0-0171", "PHSA-2022-4.0-0172", "PHSA-2022-4.0-0173", "PHSA-2022-4.0-0176", "PHSA-2022-4.0-0178", "PHSA-2022-4.0-0182", "PHSA-2022-4.0-0183", "PHSA-2022-4.0-0184", "PHSA-2022-4.0-0185", "PHSA-2022-4.0-0187", "PHSA-2022-4.0-0188", "PHSA-2022-4.0-0189", "PHSA-2022-4.0-0192", "PHSA-2022-4.0-0194", "PHSA-2022-4.0-0195", "PHSA-2022-4.0-0198", "PHSA-2022-4.0-0199", "PHSA-2022-4.0-0201", "PHSA-2022-4.0-0202", "PHSA-2022-4.0-0205", "PHSA-2022-4.0-0207", "PHSA-2022-4.0-0208", "PHSA-2022-4.0-0209", "PHSA-2022-4.0-0213", "PHSA-2022-4.0-0214", "PHSA-2022-4.0-0216", "PHSA-2022-4.0-0218", "PHSA-2022-4.0-0220", "PHSA-2022-4.0-0221", "PHSA-2022-4.0-0223", "PHSA-2022-4.0-0224", "PHSA-2022-4.0-0226", "PHSA-2022-4.0-0227", "PHSA-2022-4.0-0230", "PHSA-2022-4.0-0231", "PHSA-2022-4.0-0232", "PHSA-2022-4.0-0234", "PHSA-2022-4.0-0235", "PHSA-2022-4.0-0236", "PHSA-2022-4.0-0237", "PHSA-2022-4.0-0238", "PHSA-2022-4.0-0240", "PHSA-2022-4.0-0242", "PHSA-2022-4.0-0243", "PHSA-2022-4.0-0244", "PHSA-2022-4.0-0245", "PHSA-2022-4.0-0246", "PHSA-2022-4.0-0247", "PHSA-2022-4.0-0248", "PHSA-2022-4.0-0249", "PHSA-2022-4.0-0250", "PHSA-2022-4.0-0251", "PHSA-2022-4.0-0252", "PHSA-2022-4.0-0253", "PHSA-2022-4.0-0256", "PHSA-2022-4.0-0257", "PHSA-2022-4.0-0259", "PHSA-2022-4.0-0262", "PHSA-2022-4.0-0263", "PHSA-2022-4.0-0266", "PHSA-2022-4.0-0267", "PHSA-2022-4.0-0269", "PHSA-2022-4.0-0270", "PHSA-2022-4.0-0271", "PHSA-2022-4.0-0272", "PHSA-2022-4.0-0273", "PHSA-2022-4.0-0274", "PHSA-2022-4.0-0275", "PHSA-2022-4.0-0276", "PHSA-2022-4.0-0279", "PHSA-2022-4.0-0280", "PHSA-2022-4.0-0282", "PHSA-2022-4.0-0283", "PHSA-2022-4.0-0285", "PHSA-2022-4.0-0286", "PHSA-2022-4.0-0288", "PHSA-2022-4.0-0289", "PHSA-2022-4.0-0290", "PHSA-2022-4.0-0293", "PHSA-2022-4.0-0294", "PHSA-2022-4.0-0297", "PHSA-2022-4.0-0298", "PHSA-2022-4.0-0299", "PHSA-2022-4.0-0300", "PHSA-2022-4.0-0303", "PHSA-2022-4.0-0304", "PHSA-2022-4.0-0305", "PHSA-2023-0552", "PHSA-2023-3.0-0510", "PHSA-2023-3.0-0511", "PHSA-2023-3.0-0513", "PHSA-2023-3.0-0516", "PHSA-2023-3.0-0518", "PHSA-2023-3.0-0519", "PHSA-2023-3.0-0520", "PHSA-2023-3.0-0521", "PHSA-2023-3.0-0522", "PHSA-2023-3.0-0523", "PHSA-2023-3.0-0526", "PHSA-2023-3.0-0527", "PHSA-2023-3.0-0528", "PHSA-2023-3.0-0529", "PHSA-2023-3.0-0530", "PHSA-2023-3.0-0531", "PHSA-2023-3.0-0532", "PHSA-2023-3.0-0533", "PHSA-2023-3.0-0538", "PHSA-2023-3.0-0541", "PHSA-2023-3.0-0544", "PHSA-2023-3.0-0545", "PHSA-2023-3.0-0547", "PHSA-2023-3.0-0549", "PHSA-2023-3.0-0552", "PHSA-2023-3.0-0554", "PHSA-2023-3.0-0556", "PHSA-2023-3.0-0559", "PHSA-2023-3.0-0562", "PHSA-2023-3.0-0563", "PHSA-2023-3.0-0564", "PHSA-2023-3.0-0566", "PHSA-2023-3.0-0568", "PHSA-2023-3.0-0569", "PHSA-2023-3.0-0570", "PHSA-2023-3.0-0573", "PHSA-2023-3.0-0574", "PHSA-2023-3.0-0575", "PHSA-2023-3.0-0576", "PHSA-2023-3.0-0578", "PHSA-2023-3.0-0579", "PHSA-2023-3.0-0580", "PHSA-2023-3.0-0581", "PHSA-2023-3.0-0583", "PHSA-2023-3.0-0584", "PHSA-2023-3.0-0585", "PHSA-2023-3.0-0586", "PHSA-2023-3.0-0587", "PHSA-2023-3.0-0588", "PHSA-2023-3.0-0589", "PHSA-2023-3.0-0590", "PHSA-2023-3.0-0591", "PHSA-2023-3.0-0593", "PHSA-2023-3.0-0594", "PHSA-2023-3.0-0595", "PHSA-2023-3.0-0597", "PHSA-2023-3.0-0598", "PHSA-2023-3.0-0599", "PHSA-2023-3.0-0601", "PHSA-2023-3.0-0602", "PHSA-2023-3.0-0603", "PHSA-2023-3.0-0604", "PHSA-2023-3.0-0605", "PHSA-2023-3.0-0606", "PHSA-2023-3.0-0607", "PHSA-2023-3.0-0608", "PHSA-2023-3.0-0610", "PHSA-2023-3.0-0611", "PHSA-2023-3.0-0612", "PHSA-2023-3.0-0613", "PHSA-2023-3.0-0614", "PHSA-2023-3.0-0615", "PHSA-2023-3.0-0616", "PHSA-2023-3.0-0617", "PHSA-2023-3.0-0618", "PHSA-2023-3.0-0619", "PHSA-2023-3.0-0620", "PHSA-2023-3.0-0621", "PHSA-2023-3.0-0623", "PHSA-2023-3.0-0624", "PHSA-2023-3.0-0625", "PHSA-2023-3.0-0626", "PHSA-2023-3.0-0627", "PHSA-2023-3.0-0628", "PHSA-2023-3.0-0629", "PHSA-2023-3.0-0631", "PHSA-2023-3.0-0632", "PHSA-2023-3.0-0637", "PHSA-2023-3.0-0640", "PHSA-2023-3.0-0642", "PHSA-2023-3.0-0643", "PHSA-2023-3.0-0644", "PHSA-2023-3.0-0645", "PHSA-2023-3.0-0646", "PHSA-2023-3.0-0647", "PHSA-2023-3.0-0649", "PHSA-2023-3.0-0650", "PHSA-2023-3.0-0651", "PHSA-2023-3.0-0652", "PHSA-2023-3.0-0653", "PHSA-2023-3.0-0655", "PHSA-2023-3.0-0656", "PHSA-2023-3.0-0657", "PHSA-2023-3.0-0661", "PHSA-2023-3.0-0663", "PHSA-2023-3.0-0665", "PHSA-2023-3.0-0667", "PHSA-2023-3.0-0668", "PHSA-2023-3.0-0670", "PHSA-2023-3.0-0671", "PHSA-2023-3.0-0672", "PHSA-2023-3.0-0673", "PHSA-2023-3.0-0674", "PHSA-2023-3.0-0675", "PHSA-2023-3.0-0676", "PHSA-2023-3.0-0678", "PHSA-2023-3.0-0680", "PHSA-2023-3.0-0681", "PHSA-2023-3.0-0682", "PHSA-2023-3.0-0683", "PHSA-2023-3.0-0684", "PHSA-2023-3.0-0685", "PHSA-2023-3.0-0686", "PHSA-2023-3.0-0687", "PHSA-2023-3.0-0689", "PHSA-2023-3.0-0690", "PHSA-2023-3.0-0692", "PHSA-2023-4.0-0306", "PHSA-2023-4.0-0307", "PHSA-2023-4.0-0308", "PHSA-2023-4.0-0309", "PHSA-2023-4.0-0310", "PHSA-2023-4.0-0314", "PHSA-2023-4.0-0315", "PHSA-2023-4.0-0316", "PHSA-2023-4.0-0318", "PHSA-2023-4.0-0319", "PHSA-2023-4.0-0320", "PHSA-2023-4.0-0321", "PHSA-2023-4.0-0322", "PHSA-2023-4.0-0323", "PHSA-2023-4.0-0324", "PHSA-2023-4.0-0325", "PHSA-2023-4.0-0326", "PHSA-2023-4.0-0327", "PHSA-2023-4.0-0328", "PHSA-2023-4.0-0329", "PHSA-2023-4.0-0330", "PHSA-2023-4.0-0331", "PHSA-2023-4.0-0332", "PHSA-2023-4.0-0333", "PHSA-2023-4.0-0334", "PHSA-2023-4.0-0336", "PHSA-2023-4.0-0337", "PHSA-2023-4.0-0338", "PHSA-2023-4.0-0339", "PHSA-2023-4.0-0340", "PHSA-2023-4.0-0342", "PHSA-2023-4.0-0345", "PHSA-2023-4.0-0348", "PHSA-2023-4.0-0349", "PHSA-2023-4.0-0350", "PHSA-2023-4.0-0352", "PHSA-2023-4.0-0354", "PHSA-2023-4.0-0359", "PHSA-2023-4.0-0362", "PHSA-2023-4.0-0364", "PHSA-2023-4.0-0365", "PHSA-2023-4.0-0366", "PHSA-2023-4.0-0369", "PHSA-2023-4.0-0370", "PHSA-2023-4.0-0371", "PHSA-2023-4.0-0372", "PHSA-2023-4.0-0373", "PHSA-2023-4.0-0375", "PHSA-2023-4.0-0377", "PHSA-2023-4.0-0379", "PHSA-2023-4.0-0380", "PHSA-2023-4.0-0381", "PHSA-2023-4.0-0383", "PHSA-2023-4.0-0384", "PHSA-2023-4.0-0386", "PHSA-2023-4.0-0387", "PHSA-2023-4.0-0389", "PHSA-2023-4.0-0391", "PHSA-2023-4.0-0392", "PHSA-2023-4.0-0393", "PHSA-2023-4.0-0394", "PHSA-2023-4.0-0395", "PHSA-2023-4.0-0396", "PHSA-2023-4.0-0397", "PHSA-2023-4.0-0398", "PHSA-2023-4.0-0399", "PHSA-2023-4.0-0400", "PHSA-2023-4.0-0401", "PHSA-2023-4.0-0402", "PHSA-2023-4.0-0404", "PHSA-2023-4.0-0405", "PHSA-2023-4.0-0406", "PHSA-2023-4.0-0408", "PHSA-2023-4.0-0409", "PHSA-2023-4.0-0410", "PHSA-2023-4.0-0411", "PHSA-2023-4.0-0413", "PHSA-2023-4.0-0414", "PHSA-2023-4.0-0415", "PHSA-2023-4.0-0416", "PHSA-2023-4.0-0417", "PHSA-2023-4.0-0419", "PHSA-2023-4.0-0420", "PHSA-2023-4.0-0423", "PHSA-2023-4.0-0424", "PHSA-2023-4.0-0425", "PHSA-2023-4.0-0426", "PHSA-2023-4.0-0427", "PHSA-2023-4.0-0428", "PHSA-2023-4.0-0429", "PHSA-2023-4.0-0431", "PHSA-2023-4.0-0432", "PHSA-2023-4.0-0433", "PHSA-2023-4.0-0434", "PHSA-2023-4.0-0435", "PHSA-2023-4.0-0436", "PHSA-2023-4.0-0438", "PHSA-2023-4.0-0439", "PHSA-2023-4.0-0440", "PHSA-2023-4.0-0441", "PHSA-2023-4.0-0442", "PHSA-2023-4.0-0443", "PHSA-2023-4.0-0444", "PHSA-2023-4.0-0446", "PHSA-2023-4.0-0449", "PHSA-2023-4.0-0450", "PHSA-2023-4.0-0452", "PHSA-2023-4.0-0455", "PHSA-2023-4.0-0457", "PHSA-2023-4.0-0458", "PHSA-2023-4.0-0459", "PHSA-2023-4.0-0460", "PHSA-2023-4.0-0461", "PHSA-2023-4.0-0462", "PHSA-2023-4.0-0463", "PHSA-2023-4.0-0465", "PHSA-2023-4.0-0466", "PHSA-2023-4.0-0467", "PHSA-2023-4.0-0468", "PHSA-2023-4.0-0469", "PHSA-2023-4.0-0471", "PHSA-2023-4.0-0472", "PHSA-2023-4.0-0474", "PHSA-2023-4.0-0475", "PHSA-2023-4.0-0478", "PHSA-2023-4.0-0479", "PHSA-2023-4.0-0480", "PHSA-2023-4.0-0481", "PHSA-2023-4.0-0482", "PHSA-2023-4.0-0483", "PHSA-2023-4.0-0484", "PHSA-2023-4.0-0486", "PHSA-2023-4.0-0487", "PHSA-2023-4.0-0488", "PHSA-2023-4.0-0490", "PHSA-2023-4.0-0491", "PHSA-2023-4.0-0492", "PHSA-2023-4.0-0494", "PHSA-2023-4.0-0495", "PHSA-2023-4.0-0496", "PHSA-2023-4.0-0497", "PHSA-2023-4.0-0499", "PHSA-2023-4.0-0500", "PHSA-2023-4.0-0502", "PHSA-2023-4.0-0504", "PHSA-2023-4.0-0505", "PHSA-2023-4.0-0506", "PHSA-2023-4.0-0507", "PHSA-2023-4.0-0508", "PHSA-2023-4.0-0509", "PHSA-2023-4.0-0510", "PHSA-2023-4.0-0512", "PHSA-2023-4.0-0513", "PHSA-2023-4.0-0515", "PHSA-2023-4.0-0516", "PHSA-2023-4.0-0517", "PHSA-2023-4.0-0518", "PHSA-2023-4.0-0520", "PHSA-2023-4.0-0521", "PHSA-2023-5.0-0001", "PHSA-2023-5.0-0005", "PHSA-2023-5.0-0006", "PHSA-2023-5.0-0008", "PHSA-2023-5.0-0009", "PHSA-2023-5.0-0010", "PHSA-2023-5.0-0011", "PHSA-2023-5.0-0012", "PHSA-2023-5.0-0013", "PHSA-2023-5.0-0014", "PHSA-2023-5.0-0015", "PHSA-2023-5.0-0017", "PHSA-2023-5.0-0018", "PHSA-2023-5.0-0020", "PHSA-2023-5.0-0021", "PHSA-2023-5.0-0022", "PHSA-2023-5.0-0023", "PHSA-2023-5.0-0024", "PHSA-2023-5.0-0025", "PHSA-2023-5.0-0028", "PHSA-2023-5.0-0029", "PHSA-2023-5.0-0030", "PHSA-2023-5.0-0031", "PHSA-2023-5.0-0032", "PHSA-2023-5.0-0033", "PHSA-2023-5.0-0034", "PHSA-2023-5.0-0035", "PHSA-2023-5.0-0036", "PHSA-2023-5.0-0037", "PHSA-2023-5.0-0038", "PHSA-2023-5.0-0039", "PHSA-2023-5.0-0040", "PHSA-2023-5.0-0041", "PHSA-2023-5.0-0043", "PHSA-2023-5.0-0044", "PHSA-2023-5.0-0045", "PHSA-2023-5.0-0046", "PHSA-2023-5.0-0047", "PHSA-2023-5.0-0048", "PHSA-2023-5.0-0049", "PHSA-2023-5.0-0050", "PHSA-2023-5.0-0053", "PHSA-2023-5.0-0054", "PHSA-2023-5.0-0055", "PHSA-2023-5.0-0056", "PHSA-2023-5.0-0057", "PHSA-2023-5.0-0059", "PHSA-2023-5.0-0060", "PHSA-2023-5.0-0061", "PHSA-2023-5.0-0062", "PHSA-2023-5.0-0063", "PHSA-2023-5.0-0066", "PHSA-2023-5.0-0067", "PHSA-2023-5.0-0068", "PHSA-2023-5.0-0070", "PHSA-2023-5.0-0075", "PHSA-2023-5.0-0078", "PHSA-2023-5.0-0080", "PHSA-2023-5.0-0082", "PHSA-2023-5.0-0083", "PHSA-2023-5.0-0084", "PHSA-2023-5.0-0085", "PHSA-2023-5.0-0086", "PHSA-2023-5.0-0087", "PHSA-2023-5.0-0089", "PHSA-2023-5.0-0090", "PHSA-2023-5.0-0091", "PHSA-2023-5.0-0092", "PHSA-2023-5.0-0093", "PHSA-2023-5.0-0094", "PHSA-2023-5.0-0095", "PHSA-2023-5.0-0096", "PHSA-2023-5.0-0097", "PHSA-2023-5.0-0100", "PHSA-2023-5.0-0101", "PHSA-2023-5.0-0102", "PHSA-2023-5.0-0103", "PHSA-2023-5.0-0106", "PHSA-2023-5.0-0107", "PHSA-2023-5.0-0108", "PHSA-2023-5.0-0110", "PHSA-2023-5.0-0111", "PHSA-2023-5.0-0112", "PHSA-2023-5.0-0113", "PHSA-2023-5.0-0114", "PHSA-2023-5.0-0118", "PHSA-2023-5.0-0119", "PHSA-2023-5.0-0123", "PHSA-2023-5.0-0124", "PHSA-2023-5.0-0125", "PHSA-2023-5.0-0126", "PHSA-2023-5.0-0127", "PHSA-2023-5.0-0130", "PHSA-2023-5.0-0131", "PHSA-2023-5.0-0132", "PHSA-2023-5.0-0134", "PHSA-2023-5.0-0135", "PHSA-2023-5.0-0137", "PHSA-2023-5.0-0139", "PHSA-2023-5.0-0140", "PHSA-2023-5.0-0141", "PHSA-2023-5.0-0143", "PHSA-2023-5.0-0145", "PHSA-2023-5.0-0146", "PHSA-2023-5.0-0147", "PHSA-2023-5.0-0148", "PHSA-2023-5.0-0154"]}, {"type": "prion", "idList": ["PRION:CVE-2021-3872", "PRION:CVE-2022-23990"]}, {"type": "redhat", "idList": ["RHSA-2022:0366", "RHSA-2022:0444", "RHSA-2022:0445", "RHSA-2022:0476", "RHSA-2022:0595", "RHSA-2022:0721", "RHSA-2022:0735", "RHSA-2022:0842", "RHSA-2022:0856", "RHSA-2022:7144", "RHSA-2022:7811"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3872", "RH:CVE-2022-23990"]}, {"type": "redos", "idList": ["ROS-20220330-02"]}, {"type": "rocky", "idList": ["RLSA-2022:0366", "RLSA-2022:7811"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2214"]}, {"type": "slackware", "idList": ["SSA-2022-027-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0498-1", "OPENSUSE-SU-2022:0736-1", "SUSE-SU-2022:2102-1"]}, {"type": "thn", "idList": ["THN:17D0D209B56B4709BECDD8021277421F"]}, {"type": "ubuntu", "idList": ["USN-5147-1", "USN-5288-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3872", "UB:CVE-2022-23990"]}, {"type": "veracode", "idList": ["VERACODE:32796", "VERACODE:33920"]}, {"type": "vmware", "idList": ["VMSA-2023-0026"]}]}, "epss": [{"cve": "CVE-2021-3872", "epss": 0.0009, "percentile": 0.37107, "modified": "2023-05-03"}, {"cve": "CVE-2022-23990", "epss": 0.00245, "percentile": 0.60978, "modified": "2023-05-03"}], "vulnersScore": 1.6}, "_state": {"dependencies": 1701131509, "score": 1701131356, "epss": 0}, "_internal": {"score_hash": "bb06521a8e978f4fa571a3e4fcc75e43"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.9-5.ph2", "packageFilename": "expat-devel-2.2.9-5.ph2.x86_64.rpm", "operator": "lt", "packageName": "expat-devel"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "8.0.0533-18.ph2", "packageFilename": "vim-8.0.0533-18.ph2.x86_64.rpm", "operator": "lt", "packageName": "vim"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.9-5.ph2", "packageFilename": "expat-2.2.9-5.ph2.x86_64.rpm", "operator": "lt", "packageName": "expat"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "8.0.0533-18.ph2", "packageFilename": "vim-extra-8.0.0533-18.ph2.x86_64.rpm", "operator": "lt", "packageName": "vim-extra"}, {"OS": "Photon", "OSVersion": "2.0", "arch": "x86_64", "packageVersion": "2.2.9-5.ph2", "packageFilename": "expat-libs-2.2.9-5.ph2.x86_64.rpm", "operator": "lt", "packageName": "expat-libs"}], "vendorCvss": {"severity": "critical"}}

{"photon": [{"lastseen": "2023-11-28T03:11:24", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0322", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872", "CVE-2021-3875", "CVE-2023-34060"], "modified": "2021-10-30T00:00:00", "id": "PHSA-2021-3.0-0322", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-322", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:54:36", "description": "Updates of ['apr', 'vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0121", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35940", "CVE-2021-3872", "CVE-2021-3875", "CVE-2023-34060"], "modified": "2021-10-29T00:00:00", "id": "PHSA-2021-4.0-0121", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-121", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:27:19", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-5.0-0143", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-5.0-0143", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:34:18", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-4.0-0512", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-4.0-0512", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:55:24", "description": "Updates of ['sssd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-3.0-0687", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-15T00:00:00", "id": "PHSA-2023-3.0-0687", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:47:02", "description": "Updates of ['mysql', 'expat'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-02-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0467", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21245", "CVE-2022-21270", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21344", "CVE-2022-21367", "CVE-2022-23990", "CVE-2023-34060"], "modified": "2022-02-04T00:00:00", "id": "PHSA-2022-0467", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-467", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:58:16", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-3.0-0613", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24834", "CVE-2023-34060"], "modified": "2023-07-14T00:00:00", "id": "PHSA-2023-3.0-0613", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-613", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:33:48", "description": "Updates of ['wireshark'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0521", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-6175"], "modified": "2023-11-25T00:00:00", "id": "PHSA-2023-4.0-0521", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-521", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:59:33", "description": "Updates of ['shadow'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-30T00:00:00", "type": "photon", "title": "Low Photon OS Security Update - PHSA-2023-3.0-0588", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-29383", "CVE-2023-34060"], "modified": "2023-05-30T00:00:00", "id": "PHSA-2023-3.0-0588", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-588", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:45:11", "description": "Updates of ['zstd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0235", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24032", "CVE-2023-34060"], "modified": "2022-08-22T00:00:00", "id": "PHSA-2022-4.0-0235", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-235", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:46:05", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-02T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0220", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29187", "CVE-2023-34060"], "modified": "2022-08-02T00:00:00", "id": "PHSA-2022-4.0-0220", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-220", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:46:16", "description": "Updates of ['gnupg'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-29T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0218", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34903", "CVE-2023-34060"], "modified": "2022-07-29T00:00:00", "id": "PHSA-2022-4.0-0218", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-218", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:13", "description": "Updates of ['rust'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-06T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0019", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36323", "CVE-2023-34060"], "modified": "2021-05-06T00:00:00", "id": "PHSA-2021-4.0-0019", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:05", "description": "Updates of ['gnuplot'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-4.0-0022", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25412", "CVE-2023-34060"], "modified": "2021-05-11T00:00:00", "id": "PHSA-2021-4.0-0022", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:40:28", "description": "Updates of ['strongswan'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-30T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-4.0-0366", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-26463", "CVE-2023-34060"], "modified": "2023-03-30T00:00:00", "id": "PHSA-2023-4.0-0366", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-366", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:42:38", "description": "Updates of ['grub2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-01-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0306", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28733", "CVE-2023-34060"], "modified": "2023-01-03T00:00:00", "id": "PHSA-2023-4.0-0306", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-306", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:16", "description": "Updates of ['open-vm-tools'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0442", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31676", "CVE-2023-34060"], "modified": "2022-08-24T00:00:00", "id": "PHSA-2022-3.0-0442", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-442", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:10", "description": "Updates of ['zlib'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-3.0-0436", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37434", "CVE-2023-34060"], "modified": "2022-08-17T00:00:00", "id": "PHSA-2022-3.0-0436", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-436", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:02:28", "description": "Updates of ['grub2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-01-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-3.0-0510", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-28733", "CVE-2023-34060"], "modified": "2023-01-03T00:00:00", "id": "PHSA-2023-3.0-0510", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-510", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:31:05", "description": "Updates of ['gdb'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0050", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25032", "CVE-2023-34060"], "modified": "2023-07-15T00:00:00", "id": "PHSA-2023-5.0-0050", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-50", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:37:36", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-21T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0434", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-2975", "CVE-2023-34060"], "modified": "2023-07-21T00:00:00", "id": "PHSA-2023-4.0-0434", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-434", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:31:31", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-23T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0055", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-2975", "CVE-2023-34060"], "modified": "2023-07-23T00:00:00", "id": "PHSA-2023-5.0-0055", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-55", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:32:26", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0095", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-38039"], "modified": "2023-09-14T00:00:00", "id": "PHSA-2023-5.0-0095", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-95", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:32:29", "description": "Updates of ['libwebp'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0061", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-1999", "CVE-2023-34060"], "modified": "2023-07-29T00:00:00", "id": "PHSA-2023-5.0-0061", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-61", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:36:32", "description": "Updates of ['haproxy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-08-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0455", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-40225"], "modified": "2023-08-22T00:00:00", "id": "PHSA-2023-4.0-0455", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-455", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:50:57", "description": "Updates of ['ruby'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-07T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0096", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31810", "CVE-2023-34060"], "modified": "2021-09-07T00:00:00", "id": "PHSA-2021-4.0-0096", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-96", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:51:09", "description": "Updates of ['dnsmasq'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0093", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3448", "CVE-2023-34060"], "modified": "2021-09-03T00:00:00", "id": "PHSA-2021-4.0-0093", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-93", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:32", "description": "Updates of ['linux', 'linux-aws', 'linux-secure', 'linux-rt', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0011", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29154", "CVE-2023-34060"], "modified": "2021-04-20T00:00:00", "id": "PHSA-2021-4.0-0011", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:47", "description": "Updates of ['cassandra'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-03-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0003", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17516", "CVE-2023-34060"], "modified": "2021-03-12T00:00:00", "id": "PHSA-2021-4.0-0003", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-3", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:06:51", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-23T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-3.0-0396", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29155", "CVE-2023-34060"], "modified": "2022-05-23T00:00:00", "id": "PHSA-2022-3.0-0396", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-396", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:07:31", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-04-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-3.0-0377", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-22623", "CVE-2023-34060"], "modified": "2022-04-04T00:00:00", "id": "PHSA-2022-3.0-0377", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-377", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:32:48", "description": "Updates of ['libX11'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0029", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-3138", "CVE-2023-34060"], "modified": "2023-06-16T00:00:00", "id": "PHSA-2023-5.0-0029", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:24:13", "description": "Updates of ['linux', 'linux-aws', 'linux-secure', 'linux-rt', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-24T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-3.0-0144", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25211", "CVE-2023-34060"], "modified": "2020-09-24T00:00:00", "id": "PHSA-2020-3.0-0144", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:24:03", "description": "Updates of ['gnutls'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0146", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24659", "CVE-2023-34060"], "modified": "2020-09-29T00:00:00", "id": "PHSA-2020-3.0-0146", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-146", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:26:58", "description": "Updates of ['cyrus-sasl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-04-06T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0077", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19906", "CVE-2023-34060"], "modified": "2020-04-06T00:00:00", "id": "PHSA-2020-3.0-0077", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-77", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:33:57", "description": "Updates of ['libxslt'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-06-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0485", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30560", "CVE-2023-34060"], "modified": "2022-06-17T00:00:00", "id": "PHSA-2022-0485", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-485", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:33:12", "description": "Updates of ['rsync'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0503", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29154", "CVE-2023-34060"], "modified": "2022-08-05T00:00:00", "id": "PHSA-2022-0503", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-503", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:33:06", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-0502", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2231", "CVE-2023-34060"], "modified": "2022-08-04T00:00:00", "id": "PHSA-2022-0502", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-502", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:32:04", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-09-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0519", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-27664", "CVE-2023-34060"], "modified": "2022-09-20T00:00:00", "id": "PHSA-2022-0519", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-519", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:31:39", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0536", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3647", "CVE-2023-34060"], "modified": "2022-11-05T00:00:00", "id": "PHSA-2022-0536", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-536", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:52:41", "description": "Updates of ['httpd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-08-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0089", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1333", "CVE-2023-34060"], "modified": "2018-08-30T00:00:00", "id": "PHSA-2018-0089", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-89", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:52:54", "description": "Updates of ['linux', 'linux-esx', 'linux-aws', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-08-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0083", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12233", "CVE-2023-34060"], "modified": "2018-08-13T00:00:00", "id": "PHSA-2018-0083", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-83", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:47:35", "description": "Updates of ['dnsmasq'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-01-23T00:00:00", "type": "photon", "title": "Low Photon OS Security Update - PHSA-2020-0201", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14834", "CVE-2023-34060"], "modified": "2020-01-23T00:00:00", "id": "PHSA-2020-0201", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-201", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:02:48", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-10-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0334", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19377", "CVE-2023-34060"], "modified": "2020-10-21T00:00:00", "id": "PHSA-2020-0334", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-334", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:08", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0328", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25211", "CVE-2023-34060"], "modified": "2020-09-25T00:00:00", "id": "PHSA-2020-0328", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-328", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:21", "description": "Updates of ['gettext'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0326", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12825", "CVE-2023-34060"], "modified": "2020-09-21T00:00:00", "id": "PHSA-2020-0326", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-326", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:38", "description": "Updates of ['zeromq'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-09-09T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0322", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15166", "CVE-2023-34060"], "modified": "2020-09-09T00:00:00", "id": "PHSA-2020-0322", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-322", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:03:57", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-08-25T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0316", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16845", "CVE-2023-34060"], "modified": "2020-08-25T00:00:00", "id": "PHSA-2020-0316", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-316", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:58:29", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-26T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0429", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3712", "CVE-2023-34060"], "modified": "2021-08-26T00:00:00", "id": "PHSA-2021-0429", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-429", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:01:20", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-03-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0367", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27212", "CVE-2023-34060"], "modified": "2021-03-05T00:00:00", "id": "PHSA-2021-0367", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-367", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:51:40", "description": "Updates of ['haproxy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0104", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40346", "CVE-2023-34060"], "modified": "2021-09-21T00:00:00", "id": "PHSA-2021-4.0-0104", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-104", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:51:27", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0110", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3778", "CVE-2023-34060"], "modified": "2021-10-03T00:00:00", "id": "PHSA-2021-4.0-0110", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-110", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:32:15", "description": "Updates of ['krb5'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-08-01T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0062", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-36054"], "modified": "2023-08-01T00:00:00", "id": "PHSA-2023-5.0-0062", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-62", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:33:44", "description": "Updates of ['ncurses'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-06-13T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0024", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-29491", "CVE-2023-34060"], "modified": "2023-06-13T00:00:00", "id": "PHSA-2023-5.0-0024", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:13:56", "description": "Updates of ['nettle'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-03-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0119", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6489", "CVE-2023-34060"], "modified": "2018-03-23T00:00:00", "id": "PHSA-2018-0119", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-119", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:15:59", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-03-28T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2017-0031", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2636", "CVE-2023-34060"], "modified": "2017-03-28T00:00:00", "id": "PHSA-2017-0031", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:14:34", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-10-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2017-0075", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14340", "CVE-2023-34060"], "modified": "2017-10-04T00:00:00", "id": "PHSA-2017-0075", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-75", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:11:42", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2018-0151", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3639", "CVE-2023-34060"], "modified": "2018-06-22T00:00:00", "id": "PHSA-2018-0151", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-151", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:19:39", "description": "Updates of ['python-py'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0258", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29651", "CVE-2023-34060"], "modified": "2021-06-24T00:00:00", "id": "PHSA-2021-3.0-0258", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-258", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:20:36", "description": "Updates of ['binutils'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-3.0-0230", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487", "CVE-2023-34060"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-3.0-0230", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-230", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:21:25", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-16T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-3.0-0220", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3470", "CVE-2023-34060"], "modified": "2021-04-16T00:00:00", "id": "PHSA-2021-3.0-0220", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-220", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:18:53", "description": "Updates of ['nettle'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0286", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3580", "CVE-2023-34060"], "modified": "2021-08-19T00:00:00", "id": "PHSA-2021-3.0-0286", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-286", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:18:56", "description": "Updates of ['consul'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0279", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32574", "CVE-2023-34060"], "modified": "2021-08-04T00:00:00", "id": "PHSA-2021-3.0-0279", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-279", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:19:13", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-07-23T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-3.0-0272", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13529", "CVE-2023-34060"], "modified": "2021-07-23T00:00:00", "id": "PHSA-2021-3.0-0272", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-272", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:07:33", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-12-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0349", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25692", "CVE-2023-34060"], "modified": "2020-12-17T00:00:00", "id": "PHSA-2020-0349", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-349", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:04:38", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-06-07T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0299", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5995", "CVE-2023-34060"], "modified": "2020-06-07T00:00:00", "id": "PHSA-2020-0299", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-299", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:43:39", "description": "Updates of ['runc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-08-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0275", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19921", "CVE-2023-34060"], "modified": "2020-08-22T00:00:00", "id": "PHSA-2020-0275", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-275", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:32:29", "description": "Updates of ['libxml2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-09-08T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0514", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2309", "CVE-2023-34060"], "modified": "2022-09-08T00:00:00", "id": "PHSA-2022-0514", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-514", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:32:45", "description": "Updates of ['zlib'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0508", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37434", "CVE-2023-34060"], "modified": "2022-08-17T00:00:00", "id": "PHSA-2022-0508", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-508", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:48:57", "description": "Updates of ['python3'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-09-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0176", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16056", "CVE-2023-34060"], "modified": "2019-09-23T00:00:00", "id": "PHSA-2019-0176", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-176", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T21:49:28", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-06-21T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0166", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6954", "CVE-2023-34060"], "modified": "2019-06-21T00:00:00", "id": "PHSA-2019-0166", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-166", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:10:28", "description": "Updates of ['httpd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-09-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0181", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1333", "CVE-2023-34060"], "modified": "2018-09-05T00:00:00", "id": "PHSA-2018-0181", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-181", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:25:39", "description": "Updates of ['python2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-05T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0492", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000802", "CVE-2023-34060"], "modified": "2022-07-05T00:00:00", "id": "PHSA-2022-0492", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-492", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:56:09", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-08-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0315", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8231", "CVE-2023-34060"], "modified": "2020-08-20T00:00:00", "id": "PHSA-2020-0315", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-315", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:59:46", "description": "Updates of ['apache-tomcat'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-07-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0244", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10072", "CVE-2023-34060"], "modified": "2019-07-19T00:00:00", "id": "PHSA-2019-0244", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-244", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:38:53", "description": "Updates of ['PyYAML'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-03-08T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0217", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20477", "CVE-2023-34060"], "modified": "2020-03-08T00:00:00", "id": "PHSA-2020-0217", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-217", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:37:10", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-05-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0243", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008", "CVE-2023-34060"], "modified": "2020-05-14T00:00:00", "id": "PHSA-2020-0243", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-243", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:57:23", "description": "Updates of ['go'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2023-3.0-0670", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-39323"], "modified": "2023-10-17T00:00:00", "id": "PHSA-2023-3.0-0670", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-670", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:56:46", "description": "Updates of ['traceroute'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-05T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-3.0-0682", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-46316"], "modified": "2023-11-05T00:00:00", "id": "PHSA-2023-3.0-0682", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-682", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:52:36", "description": "Updates of ['util-linux'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-17T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0081", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37600", "CVE-2023-34060"], "modified": "2021-08-17T00:00:00", "id": "PHSA-2021-4.0-0081", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-81", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:55:50", "description": "Updates of ['tar'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-15T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0010", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20193", "CVE-2023-34060"], "modified": "2021-04-15T00:00:00", "id": "PHSA-2021-4.0-0010", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:11:31", "description": "Updates of ['openssh'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0313", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41617", "CVE-2023-34060"], "modified": "2021-10-15T00:00:00", "id": "PHSA-2021-3.0-0313", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-313", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:12:08", "description": "Updates of ['libgd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-14T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0298", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40145", "CVE-2023-34060"], "modified": "2021-09-14T00:00:00", "id": "PHSA-2021-3.0-0298", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-298", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:51:02", "description": "Updates of ['libgcrypt'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-11-05T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0124", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40528", "CVE-2023-34060"], "modified": "2021-11-05T00:00:00", "id": "PHSA-2021-4.0-0124", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-124", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:42:16", "description": "Updates of ['harfbuzz'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-02-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0339", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-25193", "CVE-2023-34060"], "modified": "2023-02-23T00:00:00", "id": "PHSA-2023-4.0-0339", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:42:55", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-01-31T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-4.0-0324", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47024", "CVE-2023-34060"], "modified": "2023-01-31T00:00:00", "id": "PHSA-2023-4.0-0324", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-324", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T02:49:18", "description": "Updates of ['openssl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-03-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0162", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0778", "CVE-2023-34060"], "modified": "2022-03-16T00:00:00", "id": "PHSA-2022-4.0-0162", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-162", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T05:48:01", "description": "Updates of ['linux', 'linux-rt', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-02-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0338", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-4129", "CVE-2023-34060"], "modified": "2023-02-22T00:00:00", "id": "PHSA-2023-4.0-0338", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-338", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:04:26", "description": "Updates of ['python3'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0489", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-45061", "CVE-2023-34060"], "modified": "2022-11-17T00:00:00", "id": "PHSA-2022-3.0-0489", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-489", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T05:37:25", "description": "Updates of ['linux', 'linux-rt', 'linux-esx', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-29T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0103", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-42756"], "modified": "2023-09-29T00:00:00", "id": "PHSA-2023-5.0-0103", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-103", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T05:37:31", "description": "Updates of ['linux', 'linux-rt', 'linux-esx', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-27T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0102", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060", "CVE-2023-42755"], "modified": "2023-09-27T00:00:00", "id": "PHSA-2023-5.0-0102", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-102", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:32:06", "description": "Updates of ['cifs-utils'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-14T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0344", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20208", "CVE-2023-34060"], "modified": "2021-05-14T00:00:00", "id": "PHSA-2021-0344", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-344", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:32:45", "description": "Updates of ['nettle'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-21T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0339", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20305", "CVE-2023-34060"], "modified": "2021-04-21T00:00:00", "id": "PHSA-2021-0339", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:12:14", "description": "Updates of ['libvirt'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0261", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10161", "CVE-2023-34060"], "modified": "2021-06-29T00:00:00", "id": "PHSA-2021-3.0-0261", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-261", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T03:26:54", "description": "Updates of ['libtirpc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-06T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0504", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46828", "CVE-2023-34060"], "modified": "2022-08-06T00:00:00", "id": "PHSA-2022-0504", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-504", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T06:22:41", "description": "Updates of ['linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-05-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0098", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20669", "CVE-2023-34060"], "modified": "2020-05-30T00:00:00", "id": "PHSA-2020-3.0-0098", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-98", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:00:41", "description": "Updates of ['postgresql13'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-02-10T00:00:00", "type": "photon", "title": "Low Photon OS Security Update - PHSA-2023-3.0-0531", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41862", "CVE-2023-34060"], "modified": "2023-02-10T00:00:00", "id": "PHSA-2023-3.0-0531", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-531", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:31:23", "description": "Updates of ['hwloc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-01T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-5.0-0086", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-47022", "CVE-2023-34060"], "modified": "2023-09-01T00:00:00", "id": "PHSA-2023-5.0-0086", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-86", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:36:19", "description": "Updates of ['sqlite'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-04-22T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0234", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9327", "CVE-2023-34060"], "modified": "2020-04-22T00:00:00", "id": "PHSA-2020-0234", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-234", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:40:45", "description": "Updates of ['libssh2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-03-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0146", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3855", "CVE-2023-34060"], "modified": "2019-03-29T00:00:00", "id": "PHSA-2019-0146", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-146", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T19:02:39", "description": "Updates of ['systemd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-03-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0116", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18078", "CVE-2023-34060"], "modified": "2018-03-19T00:00:00", "id": "PHSA-2018-0116", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-116", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T19:01:37", "description": "Updates of ['unzip'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-01T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0144", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000035", "CVE-2023-34060"], "modified": "2018-06-01T00:00:00", "id": "PHSA-2018-0144", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T19:01:19", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0153", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10853", "CVE-2023-34060"], "modified": "2018-06-27T00:00:00", "id": "PHSA-2018-0153", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-153", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:21:35", "description": "Updates of ['linux-aws', 'linux-esx', 'linux', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0542", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-43750", "CVE-2023-34060"], "modified": "2022-11-18T00:00:00", "id": "PHSA-2022-0542", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-542", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:50:04", "description": "Updates of ['python3-babel'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-11-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0123", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-42771", "CVE-2023-34060"], "modified": "2021-11-04T00:00:00", "id": "PHSA-2021-4.0-0123", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-123", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:47:43", "description": "Updates of ['ncurses'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0445", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39537", "CVE-2023-34060"], "modified": "2021-10-20T00:00:00", "id": "PHSA-2021-0445", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-445", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:48:45", "description": "Updates of ['cpio'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-09-04T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0432", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38185", "CVE-2023-34060"], "modified": "2021-09-04T00:00:00", "id": "PHSA-2021-0432", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-432", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:52:38", "description": "Updates of ['glibc'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-12-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0343", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-7309", "CVE-2023-34060"], "modified": "2020-12-03T00:00:00", "id": "PHSA-2020-0343", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-343", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:49:31", "description": "Updates of ['envoy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-19T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0405", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29492", "CVE-2023-34060"], "modified": "2021-06-19T00:00:00", "id": "PHSA-2021-0405", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-405", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:50:54", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-13T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0380", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3470", "CVE-2023-34060"], "modified": "2021-04-13T00:00:00", "id": "PHSA-2021-0380", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-380", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:50:51", "description": "Updates of ['c-ares'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-07T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0378", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8277", "CVE-2023-34060"], "modified": "2021-04-07T00:00:00", "id": "PHSA-2021-0378", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-378", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:51:49", "description": "Updates of ['PyYAML'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-22T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0361", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14343", "CVE-2023-34060"], "modified": "2021-02-22T00:00:00", "id": "PHSA-2021-0361", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-361", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T18:47:08", "description": "Updates of ['expat'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-02T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0466", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2023-34060"], "modified": "2022-02-02T00:00:00", "id": "PHSA-2022-0466", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-466", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:46:15", "description": "Updates of ['cassandra'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-02-21T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0474", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44521", "CVE-2023-34060"], "modified": "2022-02-21T00:00:00", "id": "PHSA-2022-0474", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-474", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T18:51:43", "description": "Updates of ['atftp'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-01-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0357", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-6097", "CVE-2023-34060"], "modified": "2021-01-24T00:00:00", "id": "PHSA-2021-0357", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-357", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:44:05", "description": "Updates of ['unzip'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2018-06-01T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0052", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000035", "CVE-2023-34060"], "modified": "2018-06-01T00:00:00", "id": "PHSA-2018-0052", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-52", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:17:12", "description": "Updates of ['WALinuxAgent'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-05-14T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-3.0-0090", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0804", "CVE-2023-34060"], "modified": "2020-05-14T00:00:00", "id": "PHSA-2020-3.0-0090", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-90", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:55:55", "description": "Updates of ['bash'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-02-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0277", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18276", "CVE-2023-34060"], "modified": "2020-02-15T00:00:00", "id": "PHSA-2020-0277", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-277", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T19:00:13", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-19T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2018-0186", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0500", "CVE-2023-34060"], "modified": "2018-09-19T00:00:00", "id": "PHSA-2018-0186", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-186", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:55:23", "description": "Updates of ['envoy'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-04-02T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2020-0286", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8660", "CVE-2023-34060"], "modified": "2020-04-02T00:00:00", "id": "PHSA-2020-0286", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-286", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:39:02", "description": "Updates of ['etcd'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-25T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0398", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-32082", "CVE-2023-34060"], "modified": "2023-05-25T00:00:00", "id": "PHSA-2023-4.0-0398", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-398", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:39:17", "description": "Updates of ['bazel'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-22T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0396", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3474", "CVE-2023-34060"], "modified": "2023-05-22T00:00:00", "id": "PHSA-2023-4.0-0396", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-396", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:39:10", "description": "Updates of ['bluez'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-17T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-4.0-0392", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-27349", "CVE-2023-34060"], "modified": "2023-05-17T00:00:00", "id": "PHSA-2023-4.0-0392", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-392", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:43:13", "description": "Updates of ['tpm2-tools'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-12-09T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0294", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3565", "CVE-2023-34060"], "modified": "2022-12-09T00:00:00", "id": "PHSA-2022-4.0-0294", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:43:56", "description": "Updates of ['powershell'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-11-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0274", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23267", "CVE-2023-34060"], "modified": "2022-11-03T00:00:00", "id": "PHSA-2022-4.0-0274", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-274", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:44:16", "description": "Updates of ['nodejs'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-10-12T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0262", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-32213", "CVE-2023-34060"], "modified": "2022-10-12T00:00:00", "id": "PHSA-2022-4.0-0262", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:51:06", "description": "Updates of ['ruby'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-20T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0084", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32066", "CVE-2023-34060"], "modified": "2021-08-20T00:00:00", "id": "PHSA-2021-4.0-0084", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-84", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:52:12", "description": "Updates of ['tcl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-07-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0062", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35331", "CVE-2023-34060"], "modified": "2021-07-19T00:00:00", "id": "PHSA-2021-4.0-0062", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-62", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:02", "description": "Updates of ['python3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-4.0-0028", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29921", "CVE-2023-34060"], "modified": "2021-05-19T00:00:00", "id": "PHSA-2021-4.0-0028", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:53:42", "description": "Updates of ['tmux'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-05-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0026", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27347", "CVE-2023-34060"], "modified": "2021-05-18T00:00:00", "id": "PHSA-2021-4.0-0026", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-26", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:54:20", "description": "Updates of ['wpa_supplicant'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-04-24T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0014", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30004", "CVE-2023-34060"], "modified": "2021-04-24T00:00:00", "id": "PHSA-2021-4.0-0014", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:45:45", "description": "Updates of ['libxml2'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-12T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0227", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2309", "CVE-2023-34060"], "modified": "2022-08-12T00:00:00", "id": "PHSA-2022-4.0-0227", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-227", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:47:11", "description": "Updates of ['openldap'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-22T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-4.0-0188", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29155", "CVE-2023-34060"], "modified": "2022-05-22T00:00:00", "id": "PHSA-2022-4.0-0188", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-188", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:13", "description": "Updates of ['postgresql'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0441", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2625", "CVE-2023-34060"], "modified": "2022-08-23T00:00:00", "id": "PHSA-2022-3.0-0441", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-441", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:04:57", "description": "Updates of ['ImageMagick'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-26T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-3.0-0443", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2719", "CVE-2023-34060"], "modified": "2022-08-26T00:00:00", "id": "PHSA-2022-3.0-0443", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-443", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:04:09", "description": "Updates of ['kafka'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-10-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0471", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34917", "CVE-2023-34060"], "modified": "2022-10-19T00:00:00", "id": "PHSA-2022-3.0-0471", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-471", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:56:17", "description": "Updates of ['tornado'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-07T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2023-3.0-0663", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-28370", "CVE-2023-34060"], "modified": "2023-10-07T00:00:00", "id": "PHSA-2023-3.0-0663", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-663", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:51", "description": "Updates of ['vim'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-08-03T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-3.0-0429", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2231", "CVE-2023-34060"], "modified": "2022-08-03T00:00:00", "id": "PHSA-2022-3.0-0429", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-429", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:41", "description": "Updates of ['gnupg'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-29T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-3.0-0428", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-34903", "CVE-2023-34060"], "modified": "2022-07-29T00:00:00", "id": "PHSA-2022-3.0-0428", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-428", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T18:05:38", "description": "Updates of ['lua'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-07-16T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0422", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-33099", "CVE-2023-34060"], "modified": "2022-07-16T00:00:00", "id": "PHSA-2022-3.0-0422", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-422", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:47:17", "description": "Updates of ['git'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-05-17T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0184", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24765", "CVE-2023-34060"], "modified": "2022-05-17T00:00:00", "id": "PHSA-2022-4.0-0184", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-184", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:51:16", "description": "Updates of ['curl'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-24T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0086", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22926", "CVE-2023-34060"], "modified": "2021-08-24T00:00:00", "id": "PHSA-2021-4.0-0086", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-86", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:51:32", "description": "Updates of ['openvswitch'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-08-31T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-4.0-0091", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36980", "CVE-2023-34060"], "modified": "2021-08-31T00:00:00", "id": "PHSA-2021-4.0-0091", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-91", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:52:53", "description": "Updates of ['redis'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-06-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0050", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32625", "CVE-2023-34060"], "modified": "2021-06-23T00:00:00", "id": "PHSA-2021-4.0-0050", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-50", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:42:41", "description": "Updates of ['nss'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-05-28T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2023-5.0-0014", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3479", "CVE-2023-34060"], "modified": "2023-05-28T00:00:00", "id": "PHSA-2023-5.0-0014", "href": "https://github.com/vmware/photon/wiki/Security-Update-5.0-14", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:42:31", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9232 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : expat (ELSA-2022-9232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23990"], "modified": "2022-11-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:expat", "p-cpe:/a:oracle:linux:expat-devel"], "id": "ORACLELINUX_ELSA-2022-9232.NASL", "href": "https://www.tenable.com/plugins/nessus/159057", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9232.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159057);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2022-23990\");\n\n script_name(english:\"Oracle Linux 8 : expat (ELSA-2022-9232)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9232 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9232.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat and / or expat-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23990\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'expat-2.2.5-4.0.1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-2.2.5-4.0.1.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-2.2.5-4.0.1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.2.5-4.0.1.el8_5.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.2.5-4.0.1.el8_5.3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.2.5-4.0.1.el8_5.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / expat-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:36", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7811 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-30T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : mingw-expat (RLSA-2022:7811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23990"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:mingw32-expat", "p-cpe:/a:rocky:linux:mingw32-expat-debuginfo", "p-cpe:/a:rocky:linux:mingw32-expat-static", "p-cpe:/a:rocky:linux:mingw64-expat", "p-cpe:/a:rocky:linux:mingw64-expat-debuginfo", "p-cpe:/a:rocky:linux:mingw64-expat-static", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7811.NASL", "href": "https://www.tenable.com/plugins/nessus/170780", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7811.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170780);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-23990\");\n script_xref(name:\"RLSA\", value:\"2022:7811\");\n\n script_name(english:\"Rocky Linux 8 : mingw-expat (RLSA-2022:7811)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2022:7811 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2048356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2056350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2056354\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2056363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2056366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2056370\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23990\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mingw32-expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mingw32-expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mingw32-expat-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mingw64-expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mingw64-expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mingw64-expat-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'mingw32-expat-2.4.8-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-expat-debuginfo-2.4.8-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw32-expat-static-2.4.8-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-expat-2.4.8-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-expat-debuginfo-2.4.8-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mingw64-expat-static-2.4.8-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mingw32-expat / mingw32-expat-debuginfo / mingw32-expat-static / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-04T08:24:57", "description": "The version of expat installed on the remote host is prior to 2.1.0-15.34. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1882 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-03T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : expat (ALAS-2023-1882)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23990"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:expat", "p-cpe:/a:amazon:linux:expat-debuginfo", "p-cpe:/a:amazon:linux:expat-devel"], "id": "ALA_ALAS-2023-1882.NASL", "href": "https://www.tenable.com/plugins/nessus/184394", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1882.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184394);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2022-23990\");\n\n script_name(english:\"Amazon Linux AMI : expat (ALAS-2023-1882)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of expat installed on the remote host is prior to 2.1.0-15.34. It is, therefore, affected by a vulnerability\nas referenced in the ALAS-2023-1882 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1882.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23990.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update expat' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23990\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'expat-2.1.0-15.34.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-2.1.0-15.34.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-debuginfo-2.1.0-15.34.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-debuginfo-2.1.0-15.34.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-15.34.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-15.34.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-07T16:26:01", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9227 advisory.\n\n - In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : expat (ELSA-2022-9227)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-46143", "CVE-2022-23990"], "modified": "2023-11-06T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:expat", "p-cpe:/a:oracle:linux:expat-devel", "p-cpe:/a:oracle:linux:expat-static"], "id": "ORACLELINUX_ELSA-2022-9227.NASL", "href": "https://www.tenable.com/plugins/nessus/158997", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9227.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158997);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\"CVE-2021-46143\", \"CVE-2022-23990\");\n\n script_name(english:\"Oracle Linux 7 : expat (ELSA-2022-9227)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9227 advisory.\n\n - In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for\n m_groupSize. (CVE-2021-46143)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9227.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat, expat-devel and / or expat-static packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-46143\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:expat-static\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'expat-2.1.0-12.0.1.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-2.1.0-12.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-2.1.0-12.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-12.0.1.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-12.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-12.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-static-2.1.0-12.0.1.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-static-2.1.0-12.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-static-2.1.0-12.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / expat-devel / expat-static');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:07:56", "description": "According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1645)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:expat", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1645.NASL", "href": "https://www.tenable.com/plugins/nessus/160656", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160656);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2022-23852\", \"CVE-2022-23990\");\n\n script_name(english:\"EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1645)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1645\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a143a40\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23852\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"expat-2.2.9-2.h4.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T16:16:13", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0495-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : expat (SUSE-SU-2022:0495-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2023-11-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:expat", "p-cpe:/a:novell:suse_linux:libexpat-devel", "p-cpe:/a:novell:suse_linux:libexpat1", "p-cpe:/a:novell:suse_linux:libexpat1-32bit", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0495-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158181", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0495-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158181);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/08\");\n\n script_cve_id(\"CVE-2022-23852\", \"CVE-2022-23990\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0495-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : expat (SUSE-SU-2022:0495-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0495-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23990\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010253.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?092aa570\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat, libexpat-devel, libexpat1 and / or libexpat1-32bit packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23852\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'expat-2.1.0-21.15.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'expat-2.1.0-21.15.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'expat-2.1.0-21.15.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libexpat-devel-2.1.0-21.15.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'expat-2.1.0-21.15.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'expat-2.1.0-21.15.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'expat-2.1.0-21.15.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'expat-2.1.0-21.15.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'expat-2.1.0-21.15.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libexpat1-2.1.0-21.15.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'libexpat1-32bit-2.1.0-21.15.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / libexpat-devel / libexpat1 / libexpat1-32bit');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T09:47:15", "description": "The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2280 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\n - In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. (CVE-2022-25313)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-10-05T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : expat (ALAS-2023-2280)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23990", "CVE-2022-25313"], "modified": "2023-10-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:expat", "p-cpe:/a:amazon:linux:expat-debuginfo", "p-cpe:/a:amazon:linux:expat-devel", "p-cpe:/a:amazon:linux:expat-static"], "id": "AL2_ALAS-2023-2280.NASL", "href": "https://www.tenable.com/plugins/nessus/182625", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-2280.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(182625);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/05\");\n\n script_cve_id(\"CVE-2022-23990\", \"CVE-2022-25313\");\n\n script_name(english:\"Amazon Linux 2 : expat (ALAS-2023-2280)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2023-2280 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\n - In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large\n nesting depth in the DTD element. (CVE-2022-25313)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-2280.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23990.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-25313.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update expat' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23990\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:expat-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'expat-2.1.0-15.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-2.1.0-15.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-2.1.0-15.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-debuginfo-2.1.0-15.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-debuginfo-2.1.0-15.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-debuginfo-2.1.0-15.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-15.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-15.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-devel-2.1.0-15.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-static-2.1.0-15.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-static-2.1.0-15.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'expat-static-2.1.0-15.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat / expat-debuginfo / expat-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T16:16:13", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0498-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-22T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : expat (openSUSE-SU-2022:0498-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:expat", "p-cpe:/a:novell:opensuse:libexpat-devel", "p-cpe:/a:novell:opensuse:libexpat-devel-32bit", "p-cpe:/a:novell:opensuse:libexpat1", "p-cpe:/a:novell:opensuse:libexpat1-32bit", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0498-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158222", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0498-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158222);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\"CVE-2022-23852\", \"CVE-2022-23990\");\n\n script_name(english:\"openSUSE 15 Security Update : expat (openSUSE-SU-2022:0498-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0498-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195217\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2BCJZG2PLWMYBP7YS7O3T6NSE3AKSEBB/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1622b672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23852\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'expat-2.2.5-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libexpat-devel-32bit-2.2.5-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libexpat1-2.2.5-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / libexpat-devel / libexpat-devel-32bit / libexpat1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-10T16:16:18", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14884-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : expat (SUSE-SU-2022:14884-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2023-11-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:expat", "p-cpe:/a:novell:suse_linux:libexpat1", "p-cpe:/a:novell:suse_linux:libexpat1-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2022-14884-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157868", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:14884-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157868);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/09\");\n\n script_cve_id(\"CVE-2022-23852\", \"CVE-2022-23990\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:14884-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : expat (SUSE-SU-2022:14884-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:14884-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23990\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010199.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3eb827e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat, libexpat1 and / or libexpat1-32bit packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23852\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'expat-2.0.1-88.42.15.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'libexpat1-2.0.1-88.42.15.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'libexpat1-32bit-2.0.1-88.42.15.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'libexpat1-32bit-2.0.1-88.42.15.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / libexpat1 / libexpat1-32bit');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-01T15:24:19", "description": "According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1659)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:expat", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1659.NASL", "href": "https://www.tenable.com/plugins/nessus/160647", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160647);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2022-23852\", \"CVE-2022-23990\");\n\n script_name(english:\"EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1659)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1659\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6f33f11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23852\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"expat-2.2.9-2.h4.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"expat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-09T16:58:14", "description": "The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0498-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-19T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2022:0498-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2023-11-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:expat", "p-cpe:/a:novell:suse_linux:libexpat-devel", "p-cpe:/a:novell:suse_linux:libexpat1", "p-cpe:/a:novell:suse_linux:libexpat1-32bit", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0498-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158190", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0498-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158190);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/08\");\n\n script_cve_id(\"CVE-2022-23852\", \"CVE-2022-23990\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0498-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2022:0498-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:0498-1 advisory.\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23990\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010268.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?90268a60\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected expat, libexpat-devel, libexpat1 and / or libexpat1-32bit packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23852\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:expat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libexpat1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1/2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'expat-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libexpat1-32bit-2.2.5-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'expat-2.2.5-3.12.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libexpat-devel-2.2.5-3.12.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'libexpat1-2.2.5-3.12.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'expat / libexpat-devel / libexpat1 / libexpat1-32bit');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:47:48", "description": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-17T00:00:00", "type": "nessus", "title": "VMware Cloud Director Authentication Bypass (VMSA-2023-0026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-22T00:00:00", "cpe": ["cpe:/a:vmware:vcloud_director"], "id": "VMWARE_CLOUD_DIRECTOR_VMSA-2023-0026.NASL", "href": "https://www.tenable.com/plugins/nessus/185949", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185949);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\"CVE-2023-34060\");\n script_xref(name:\"VMSA\", value:\"2023-0026\");\n\n script_name(english:\"VMware Cloud Director Authentication Bypass (VMSA-2023-0026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization appliance installed on the remote host is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director \nAppliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, \na malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 \n(ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider and tenant \nlogin). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2023-0026.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.vmware.com/s/article/88176\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the vendor advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-34060\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcloud_director\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_vcloud_director_installed.nbin\");\n script_require_keys(\"Host/VMware vCloud Director/Version\", \"Host/VMware vCloud Director/Build\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nif (report_paranoia < 2) \n audit(AUDIT_PARANOID);\n\nvar version = get_kb_item_or_exit(\"Host/VMware vCloud Director/Version\");\n\nget_kb_item_or_exit('Host/PhotonOS/release');\n\nvar app_info = {\n 'version' : version,\n 'parsed_version': vcf::parse_version(version),\n 'app' : 'VMware vCloud Director'\n};\n\n# adding paranoid check, only deployments that have upgraded to 10.5 from an older release are impacted \nvar constraints = [ { 'equal' : '10.5.0', 'fixed_display' : 'See vendor advisory'} ];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "cnvd": [{"lastseen": "2022-11-04T13:27:15", "description": "Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists in versions of Expat prior to 2.4.4, which stems from a boundary error when processing untrusted input and can be exploited by remote attackers to execute arbitrary code on the system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-28T00:00:00", "type": "cnvd", "title": "Expat integer overflow vulnerability", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-03-11T00:00:00", "id": "CNVD-2022-18358", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-18358", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-05T07:03:22", "description": "Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a heap buffer overflow.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-22T00:00:00", "type": "cnvd", "title": "Vim Buffer Overflow Vulnerability (CNVD-2022-05073)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2022-01-19T00:00:00", "id": "CNVD-2022-05073", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-05073", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-11-28T02:43:32", "description": "**Issue Overview:**\n\nExpat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\n \n**Affected Packages:** \n\n\nexpat\n\n \n**Issue Correction:** \nRun _yum update expat_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 expat-devel-2.1.0-15.34.amzn1.i686 \n \u00a0\u00a0\u00a0 expat-2.1.0-15.34.amzn1.i686 \n \u00a0\u00a0\u00a0 expat-debuginfo-2.1.0-15.34.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 expat-2.1.0-15.34.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 expat-devel-2.1.0-15.34.amzn1.x86_64 \n \u00a0\u00a0\u00a0 expat-2.1.0-15.34.amzn1.x86_64 \n \u00a0\u00a0\u00a0 expat-debuginfo-2.1.0-15.34.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2022-23990](<https://access.redhat.com/security/cve/CVE-2022-23990>)\n\nMitre: [CVE-2022-23990](<https://vulners.com/cve/CVE-2022-23990>)\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-30T23:31:00", "type": "amazon", "title": "Medium: expat", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2023-11-03T17:55:00", "id": "ALAS-2023-1882", "href": "https://alas.aws.amazon.com/ALAS-2023-1882.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T03:38:42", "description": "**Issue Overview:**\n\nExpat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)\n\nA flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service. (CVE-2022-25313)\n\n \n**Affected Packages:** \n\n\nexpat\n\n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 core and AL2 extras advisories. \n\n \n**Issue Correction:** \nRun _yum update expat_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 expat-2.1.0-15.amzn2.0.3.aarch64 \n \u00a0\u00a0\u00a0 expat-devel-2.1.0-15.amzn2.0.3.aarch64 \n \u00a0\u00a0\u00a0 expat-static-2.1.0-15.amzn2.0.3.aarch64 \n \u00a0\u00a0\u00a0 expat-debuginfo-2.1.0-15.amzn2.0.3.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 expat-2.1.0-15.amzn2.0.3.i686 \n \u00a0\u00a0\u00a0 expat-devel-2.1.0-15.amzn2.0.3.i686 \n \u00a0\u00a0\u00a0 expat-static-2.1.0-15.amzn2.0.3.i686 \n \u00a0\u00a0\u00a0 expat-debuginfo-2.1.0-15.amzn2.0.3.i686 \n \n src: \n \u00a0\u00a0\u00a0 expat-2.1.0-15.amzn2.0.3.src \n \n x86_64: \n \u00a0\u00a0\u00a0 expat-2.1.0-15.amzn2.0.3.x86_64 \n \u00a0\u00a0\u00a0 expat-devel-2.1.0-15.amzn2.0.3.x86_64 \n \u00a0\u00a0\u00a0 expat-static-2.1.0-15.amzn2.0.3.x86_64 \n \u00a0\u00a0\u00a0 expat-debuginfo-2.1.0-15.amzn2.0.3.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2022-23990](<https://access.redhat.com/security/cve/CVE-2022-23990>), [CVE-2022-25313](<https://access.redhat.com/security/cve/CVE-2022-25313>)\n\nMitre: [CVE-2022-23990](<https://vulners.com/cve/CVE-2022-23990>), [CVE-2022-25313](<https://vulners.com/cve/CVE-2022-25313>)\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-27T22:49:00", "type": "amazon", "title": "Medium: expat", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990", "CVE-2022-25313"], "modified": "2023-10-05T22:15:00", "id": "ALAS2-2023-2280", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-2280.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cbl_mariner": [{"lastseen": "2023-11-28T15:13:10", "description": "CVE-2022-23990 affecting package expat 2.4.3-2. An upgraded version of the package is available that resolves this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-26T20:17:03", "type": "cbl_mariner", "title": "CVE-2022-23990 affecting package expat 2.4.3-2", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-04-26T20:17:03", "id": "CBLMARINER:8334", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T15:13:07", "description": "CVE-2022-23990 affecting package expat 2.4.3-1. An upgraded version of the package is available that resolves this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-25T01:45:35", "type": "cbl_mariner", "title": "CVE-2022-23990 affecting package expat 2.4.3-1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-02-25T01:45:35", "id": "CBLMARINER:8328", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T02:18:04", "description": "CVE-2021-3872 affecting package vim 8.2.3441-2. An upgraded version of the package is available that resolves this issue.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-11-09T00:28:51", "type": "cbl_mariner", "title": "CVE-2021-3872 affecting package vim 8.2.3441-2", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-11-09T00:28:51", "id": "CBLMARINER:6028", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-11-28T16:18:58", "description": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-26T19:15:08", "type": "cve", "title": "CVE-2022-23990", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2023-11-07T03:44:21", "cpe": [], "id": "CVE-2022-23990", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2023-11-28T16:11:12", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T13:15:11", "type": "cve", "title": "CVE-2021-3872", "cwe": ["CWE-122", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2023-11-07T03:38:19", "cpe": [], "id": "CVE-2021-3872", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-11-27T17:16:39", "description": "VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from\nan older version.\u00a0On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login\nrestrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console) . This bypass is not present on port 443 (VCD provider\nand tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\u00a0VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5).", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-14T21:15:09", "type": "cve", "title": "CVE-2023-34060", "cwe": ["CWE-306"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-21T19:59:44", "cpe": [], "id": "CVE-2023-34060", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34060", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "debiancve": [{"lastseen": "2023-11-28T18:21:19", "description": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-26T19:15:08", "type": "debiancve", "title": "CVE-2022-23990", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-01-26T19:15:08", "id": "DEBIANCVE:CVE-2022-23990", "href": "https://security-tracker.debian.org/tracker/CVE-2022-23990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T02:27:51", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T13:15:11", "type": "debiancve", "title": "CVE-2021-3872", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-10-19T13:15:11", "id": "DEBIANCVE:CVE-2021-3872", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-03-03T15:50:00", "description": "Bulletin has no description", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-01T00:00:00", "type": "osv", "title": "In closeString of xmlparse.c, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2023-03-03T15:40:47", "id": "OSV:ASB-A-221256678", "href": "https://osv.dev/vulnerability/ASB-A-221256678", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-31T18:46:50", "description": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "cvss3": {}, "published": "2022-01-26T19:15:00", "type": "osv", "title": "CVE-2022-23990", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-23990"], "modified": "2022-10-31T18:46:45", "id": "OSV:CVE-2022-23990", "href": "https://osv.dev/vulnerability/CVE-2022-23990", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-11-28T13:53:01", "description": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog\nfunction.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) \n[rodrigo-zaiden](<https://launchpad.net/~rodrigo-zaiden>) | libxmltok does not include in_eldec in dtd, so, it is not affected.\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-26T00:00:00", "type": "ubuntucve", "title": "CVE-2022-23990", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-01-26T00:00:00", "id": "UB:CVE-2022-23990", "href": "https://ubuntu.com/security/CVE-2022-23990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T13:59:33", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3872", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-10-19T00:00:00", "id": "UB:CVE-2021-3872", "href": "https://ubuntu.com/security/CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2023-11-28T16:44:49", "description": "New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/expat-2.4.3-i586-3_slack14.2.txz: Rebuilt.\n Prevent integer overflow in doProlog.\n For more information, see:\n https://vulners.com/cve/CVE-2022-23990\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/expat-2.4.3-i486-3_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/expat-2.4.3-x86_64-3_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/expat-2.4.3-i486-3_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/expat-2.4.3-x86_64-3_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/expat-2.4.3-i586-3_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/expat-2.4.3-x86_64-3_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.4.3-i586-3.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.4.3-x86_64-3.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n83ad43bedb960f951754cefce7bf6ec5 expat-2.4.3-i486-3_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n35256593bf5efc25125904b30fd71304 expat-2.4.3-x86_64-3_slack14.0.txz\n\nSlackware 14.1 package:\n6a26bd66d2e68fcdee1bc917bab5dc52 expat-2.4.3-i486-3_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n6c73ea974f333b4b08a63308bbc16368 expat-2.4.3-x86_64-3_slack14.1.txz\n\nSlackware 14.2 package:\ncc4973d5c4956e7a9ae4055648ca063b expat-2.4.3-i586-3_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n3ec0df6fa734670368f91d0ab2538d29 expat-2.4.3-x86_64-3_slack14.2.txz\n\nSlackware -current package:\n1040ce35ab452a49d02251ed654463b1 l/expat-2.4.3-i586-3.txz\n\nSlackware x86_64 -current package:\n9fdb775e2bf314015578044b60dfe481 l/expat-2.4.3-x86_64-3.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg expat-2.4.3-i586-3_slack14.2.txz", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-27T22:58:35", "type": "slackware", "title": "[slackware-security] expat", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-01-27T22:58:35", "id": "SSA-2022-027-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2022&m=slackware-security.412000", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-20T23:27:17", "description": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-26T19:15:00", "type": "prion", "title": "Integer overflow", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-10-31T17:44:00", "id": "PRION:CVE-2022-23990", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2022-23990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-22T00:59:17", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-19T13:15:00", "type": "prion", "title": "Heap overflow", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2022-09-01T13:57:00", "id": "PRION:CVE-2021-3872", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-11-28T01:34:29", "description": "This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-02-12T01:20:38", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: mingw-expat-2.4.4-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-02-12T01:20:38", "id": "FEDORA:6614231CDAAA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T01:34:29", "description": "This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. A start tag is an example of the kind of structures for which you may register handlers. ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-02-12T01:16:47", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: mingw-expat-2.4.4-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-02-12T01:16:47", "id": "FEDORA:30BBB312BAA9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-11-28T02:37:49", "description": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-31T04:59:08", "type": "redhatcve", "title": "CVE-2022-23990", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2023-05-17T12:28:43", "id": "RH:CVE-2022-23990", "href": "https://access.redhat.com/security/cve/cve-2022-23990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-28T02:39:03", "description": "An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an attacker to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.\n#### Mitigation\n\nSince this flaw requires user interaction, mitigation is to not open files from untrusted sources using vim. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "security@huntr.dev", "type": "Secondary", "impactScore": 5.9}, "published": "2021-10-20T18:14:37", "type": "redhatcve", "title": "CVE-2021-3872", "bulletinFamily": "info", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2023-11-22T20:24:22", "id": "RH:CVE-2021-3872", "href": "https://access.redhat.com/security/cve/cve-2021-3872", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:22:22", "description": "libexpat.so is vulnerable to integer overflow. The vulnerability exists in the `doProlog` function in the `xmlparse.c` file, allowing an attacker to cause an application crash.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-27T03:56:50", "type": "veracode", "title": "Integer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-10-31T18:17:26", "id": "VERACODE:33920", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33920/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-21T12:39:48", "description": "vim is vulnerable denial of service. The vulnerability exists due to Heap-based Buffer Overflow.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T14:03:43", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2022-03-29T22:42:07", "id": "VERACODE:32796", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32796/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2022-03-18T01:28:58", "description": "[2.2.5-4.0.1.3]\n- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-18T00:00:00", "type": "oraclelinux", "title": "expat security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-03-18T00:00:00", "id": "ELSA-2022-9232", "href": "http://linux.oracle.com/errata/ELSA-2022-9232.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-16T23:37:25", "description": "[2.1.0-12.0.1]\n- lib: Prevent integer overflow on groupSize [CVE-2021-46143][Orabug: 33910302]\n- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-16T00:00:00", "type": "oraclelinux", "title": "expat security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46143", "CVE-2022-23990"], "modified": "2022-03-16T00:00:00", "id": "ELSA-2022-9227", "href": "http://linux.oracle.com/errata/ELSA-2022-9227.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-01-30T11:06:27", "description": "An update for mingw-expat is now available for Rocky Linux 8.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\nExpat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. \nThe following packages have been upgraded to a later upstream version: mingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-30T05:21:15", "type": "rocky", "title": "mingw-expat security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2023-01-30T05:21:15", "id": "RLSA-2022:7811", "href": "https://errata.rockylinux.org/RLSA-2022:7811", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "githubexploit": [{"lastseen": "2023-11-28T01:40:59", "description": "== How to build expat with cmake (experimental) ==\r\n\r\nThe cmake ...", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-04-28T05:39:11", "type": "githubexploit", "title": "Exploit for Integer Overflow or Wraparound in Libexpat Project Libexpat", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2023-09-15T19:21:13", "id": "83517174-9759-52CB-8458-CAA51DE6014D", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "privateArea": 1}, {"lastseen": "2023-11-28T01:41:19", "description": "== How to build expat with cmake (experimental) ==\r\n\r\nThe cmake ...", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-04-27T11:46:00", "type": "githubexploit", "title": "Exploit for Integer Overflow or Wraparound in Libexpat Project Libexpat", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2022-04-27T11:50:52", "id": "0F38D46E-C3B6-5F27-9475-DBF7F74668A7", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "privateArea": 1}], "alpinelinux": [{"lastseen": "2023-11-28T17:24:49", "description": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-26T19:15:08", "type": "alpinelinux", "title": "CVE-2022-23990", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23990"], "modified": "2023-11-07T03:44:21", "id": "ALPINE:CVE-2022-23990", "href": "https://security.alpinelinux.org/vuln/CVE-2022-23990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-25T04:10:10", "description": "vim is vulnerable to Heap-based Buffer Overflow", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-19T13:15:00", "type": "alpinelinux", "title": "CVE-2021-3872", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-11-28T23:24:00", "id": "ALPINE:CVE-2021-3872", "href": "https://security.alpinelinux.org/vuln/CVE-2021-3872", "cvss": {}}], "huntr": [{"lastseen": "2023-10-31T17:09:25", "description": "# Description\nWhilst testing vim built from `commit be01090` with Clang 12 + ASan on Ubuntu 18.04, we discovered crafted input which triggers a bug in how vim draws information on the screen, causing a heap-buffer-overflow, WRITE of size 5 to occur. \n\n # Proof of Concept\nThe disclosed POC is trimmed down as small as we could make it and still trigger the bug. Thank you. \n\nFirst...\n```\ngit clone https://github.com/vim/vim\n\nLD=lld AS=llvm-as AR=llvm-ar RANLIB=llvm-ranlib CC=clang CXX=clang++ CFLAGS=\"-fsanitize=address\" CXXFLAGS=\"-fsanitize=address\" LDFLAGS=\"-ldl -fsanitize=address\" ./configure --with-features=huge --enable-gui=none\n\nmake\n```\nSecond...\n```\necho \"ZggwMDAwMDAwMDAwMDAwMDAwMDAwMDAwCmYIMH8wMDAwMDAlJSUlJSUlJSUlJTAwMDAwMPz//wpl\nJSUlJSUlJSUlJSUlJSUKdnMKdjD/MG8=\" | base64 -d > /tmp/crash0000.fuzz\n```\n\nThen...\n```\nvim -u NONE -X -Z -e -s -S /tmp/crash0000.fuzz -c :qa!\n```\n\nFinally...\n```\n==1650480==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62100000c500 at pc 0x00 000043beca bp 0x7ffd6c97a1b0 sp 0x7ffd6c979978\nWRITE of size 5 at 0x62100000c500 thread T0\n #0 0x43bec9 in __asan_memcpy (/root/vim/src/vim+0x43bec9)\n #1 0x61259e in win_redr_status /root/vim/src/drawscreen.c:488:6\n #2 0x630463 in redraw_statuslines /root/vim/src/drawscreen.c:3230:6\n #3 0x14d46b5 in main_loop /root/vim/src/main.c:1396:6\n #4 0x806356 in do_exedit /root/vim/src/ex_docmd.c:6903:3\n #5 0x7ab70f in ex_open /root/vim/src/ex_docmd.c:6838:5\n #6 0x7cc6cc in do_one_cmd /root/vim/src/ex_docmd.c:2611:2\n #7 0x7cc6cc in do_cmdline /root/vim/src/ex_docmd.c:1000:17\n #8 0x78e706 in global_exe_one /root/vim/src/ex_cmds.c\n #9 0x78e706 in global_exe /root/vim/src/ex_cmds.c:5030:2\n #10 0x78d8f7 in ex_global /root/vim/src/ex_cmds.c:4991:6\n #11 0x7cc6cc in do_one_cmd /root/vim/src/ex_docmd.c:2611:2\n #12 0x7cc6cc in do_cmdline /root/vim/src/ex_docmd.c:1000:17\n #13 0xed4fba in do_source /root/vim/src/scriptfile.c:1406:5\n #14 0xee2d93 in cmd_source /root/vim/src/scriptfile.c:971:14\n #15 0xee2d93 in ex_source /root/vim/src/scriptfile.c:997:2\n #16 0x7cc6cc in do_one_cmd /root/vim/src/ex_docmd.c:2611:2\n #17 0x7cc6cc in do_cmdline /root/vim/src/ex_docmd.c:1000:17\n #18 0x14cd685 in do_cmdline_cmd /root/vim/src/ex_docmd.c:594:12\n #19 0x14cd685 in exe_commands /root/vim/src/main.c:3081:2\n #20 0x14cd685 in vim_main2 /root/vim/src/main.c:773:2\n #21 0x14c6426 in main /root/vim/src/main.c:425:12\n #22 0x7fcb01979564 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28564)\n #23 0x3c180d in _start (/root/vim/src/vim+0x3c180d)\n\n0x62100000c500 is located 0 bytes to the right of 4096-byte region [0x62100000b500,0x62100000 c500)\nallocated by thread T0 here:\n #0 0x43ca6d in malloc (/root/vim/src/vim+0x43ca6d)\n #1 0x47135d in lalloc /root/vim/src/alloc.c:244:11\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow (/root/vim/src/vim+0x43bec9) in __asan_memcpy\n```\n# Impact\nForcefully exiting vim, software crash, etc.\n\nBuffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop. Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker's code. Even in applications that do not explicitly use function pointers, the run-time will usually leave many in memory. For example, object methods in C++ are generally implemented using function pointers. Even in C programs, there is often a global offset table used by the underlying runtime. When the consequence is arbitrary code execution, this can often be used to subvert any other security service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-07T16:51:04", "type": "huntr", "title": "Heap-based Buffer Overflow in vim/vim", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3872"], "modified": "2021-10-08T17:44:40", "id": "C958013B-1C09-4939-92CA-92F50AA169E8", "href": "https://www.huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-11-27T18:01:01", "description": "## Summary\n\nIBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by vulnerabilities in the Expat library. The vulnerabilities can lead to execution of arbitrary code, as described by the CVEs in the \"Vulnerability Details\" section. The vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23990](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218206>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Storage Protect for Virtual Environments: Data Protection for VMware| 8.1.0.0 - 8.1.14.0 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by upgrading. The vulnerability is fixed as of version 8.1.15.0, but version 8.1.20.0 or later is recommended. \n**\n\n**Product \n**| **Fixing level**| **Platforms**| **Link to fix and instructions** \n---|---|---|--- \nIBM Storage Protect for Virtual Environments: Data Protection for VMware| 8.1.20.0| Windows| <https://www.ibm.com/support/pages/node/7015823> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-10-11T14:40:42", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Expat (AKA libexpat) affect IBM Storage Protect for Virtual Environments: Data Protection for VMware (CVE-2022-23852, CVE-2022-23990)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2023-10-11T14:40:42", "id": "286F1017E68DD9C537B3E204D4D56B4D99F84E2A48D5F1F80586AD9AE21FDA3E", "href": "https://www.ibm.com/support/pages/node/7050952", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T22:56:06", "description": "## Summary\n\nWhen Expat (also known as libexpat) is used by IBM Tivoli Network Manager ( ITNM ), it could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. (CVE-2022-23990 and CVE-2022-23852)\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23990](<https://vulners.com/cve/CVE-2022-23990>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23852](<https://vulners.com/cve/CVE-2022-23852>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITNM| 4.2.0.x \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading to ITNM4.2 Fix Pack 15(i.e. 4.2.0.15) available from fix central. \n\n \nITNM Full builds\n\n[4.2.0-TIV-ITNMIP-Linux-FP0015](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-Linux-FP0015&source=SAR> \"4.2.0-TIV-ITNMIP-Linux-FP0015\" )\n\n[4.2.0-TIV-ITNMIP-zLinux-FP0015](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-zLinux-FP0015&source=SAR> \"4.2.0-TIV-ITNMIP-zLinux-FP0015\" )\n\n[4.2.0-TIV-ITNMIP-AIX-FP0015](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-AIX-FP0015&source=SAR> \"4.2.0-TIV-ITNMIP-AIX-FP0015\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-21T04:24:34", "type": "ibm", "title": "Security Bulletin: Due to use of Expat, IBM Tivoli Network Manager is vulnerable to arbiraty code execution (CVE-2022-23990 and CVE-2022-23852)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2022-07-21T04:24:34", "id": "BBF0559C3F78F27F66312F1B19E01706BC9D31903F28A3C8BBB962D74D4C05D3", "href": "https://www.ibm.com/support/pages/node/6606203", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T23:06:03", "description": "## Summary\n\nIBM\u00ae Db2\u00ae is affected by multiple vulnerabilities in the included Expat 3rd party library. This fix provides an upgrade to the Expat library.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-23852](<https://vulners.com/cve/CVE-2022-23852>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23990](<https://vulners.com/cve/CVE-2022-23990>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDB2| 11.1.x \nDB2| 10.5.x \nDB2| 9.7.x \nDB2| 10.1.x \n \n## Remediation/Fixes\n\nCustomers running any vulnerable fixpack level of an affected Program, V9.7, V10.1, V10.5, and v11.1 can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent fixpack level for each impacted release: V9.7 FP11, V10.1 FP6, V10.5 FP11, and V11.1.4 FP6. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability.\n\n**Release**| **Fixed in fix pack**| **APAR**| **Download URL** \n---|---|---|--- \nV9.7| TBD| [IT39923](<https://www.ibm.com/support/pages/apar/IT39923> \"IT39923\" )| Special Build for V9.7 FP11: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-aix64-universal_fixpack-9.7.0.11-FP011%3A727971636791515648&includeSupersedes=0> \"AIX 64-bit\" ) \n[HP-UX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-hpipf64-universal_fixpack-9.7.0.11-FP011%3A851180754424036608&includeSupersedes=0> \"HP-UX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41070_DSClients-linuxia32-client-9.7.0.11-FP011%3A791200385595018112&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-linuxx64-universal_fixpack-9.7.0.11-FP011%3A323548371775419968&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 big endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-linuxppc64-universal_fixpack-9.7.0.11-FP011%3A434722617968495104&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 big endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-linux390x64-universal_fixpack-9.7.0.11-FP011%3A526435137934867648&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Solaris 64-bit, SPARC](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-sun64-universal_fixpack-9.7.0.11-FP011%3A589992049596818816&includeSupersedes=0> \"Solaris 64-bit, SPARC\" ) \n[Solaris 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-sunamd64-universal_fixpack-9.7.0.11-FP011%3A725892539778033536&includeSupersedes=0> \"Solaris 64-bit, x86-64\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41070_DSClients-nt32-client-9.7.1100.352-FP011%3A861763246836869504&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41070_DB2-ntx64-universal_fixpack-9.7.1100.352-FP011%3A945083910957372160&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV10.1| TBD| [IT39922](<https://www.ibm.com/support/pages/apar/IT39922> \"IT39922\" )| Special Build for V10.1 FP6: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-aix64-universal_fixpack-10.1.0.6-FP006%3A597968512837559296&includeSupersedes=0> \"AIX 64-bit\" ) \n[HP-UX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-hpipf64-universal_fixpack-10.1.0.6-FP006%3A410685725986410048&includeSupersedes=0> \"HP-UX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41071_DSClients-linuxia32-client-10.1.0.6-FP006%3A687153485633871616&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-linuxx64-universal_fixpack-10.1.0.6-FP006%3A707817967749968128&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 big endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-linuxppc64-universal_fixpack-10.1.0.6-FP006%3A404990825048380352&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 big endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-linux390x64-universal_fixpack-10.1.0.6-FP006%3A832214504616065536&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Solaris 64-bit, SPARC](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-sun64-universal_fixpack-10.1.0.6-FP006%3A912812127768086784&includeSupersedes=0> \"Solaris 64-bit, SPARC\" ) \n[Solaris 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-sunamd64-universal_fixpack-10.1.0.6-FP006%3A350608974223723392&includeSupersedes=0> \"Solaris 64-bit, x86-64\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41071_DSClients-nt32-client-10.1.600.580-FP006%3A996046766644615808&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41071_DB2-ntx64-universal_fixpack-10.1.600.580-FP006%3A438505573245618880&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n \nV10.5| TBD| [IT39920](<https://www.ibm.com/support/pages/apar/IT39920> \"IT39920\" )| Special Build for V10.5 FP11: \n\n[AIX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-aix64-universal_fixpack-10.5.0.11-FP011%3A621752273734020352&includeSupersedes=0> \"AIX 64-bit\" ) \n[HP-UX 64-bit](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-hpipf64-universal_fixpack-10.5.0.11-FP011%3A681070399886620672&includeSupersedes=0> \"HP-UX 64-bit\" ) \n[Linux 32-bit, x86-32](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41072_DSClients-linuxia32-client-10.5.0.11-FP011%3A528175410001565120&includeSupersedes=0> \"Linux 32-bit, x86-32\" ) \n[Linux 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-linuxx64-universal_fixpack-10.5.0.11-FP011%3A879647265310347264&includeSupersedes=0> \"Linux 64-bit, x86-64\" ) \n[Linux 64-bit, POWER\u2122 big endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-linuxppc64-universal_fixpack-10.5.0.11-FP011%3A930144217926081792&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 big endian\" ) \n[Linux 64-bit, POWER\u2122 little endian](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-linuxppc64le-universal_fixpack-10.5.0.11-FP011%3A191290649662484864&includeSupersedes=0> \"Linux 64-bit, POWER\u2122 little endian\" ) \n[Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-linux390x64-universal_fixpack-10.5.0.11-FP011%3A330546416855110208&includeSupersedes=0> \"Linux 64-bit, System z\u00ae, System z9\u00ae or zSeries\u00ae\" ) \n[Solaris 64-bit, SPARC](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-sun64-universal_fixpack-10.5.0.11-FP011%3A675138745734461312&includeSupersedes=0> \"Solaris 64-bit, SPARC\" ) \n[Solaris 64-bit, x86-64](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-sunamd64-universal_fixpack-10.5.0.11-FP011%3A889686817111478016&includeSupersedes=0> \"Solaris 64-bit, x86-64\" ) \n[Windows 32-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Data+Server+Client+Packages&release=All&platform=All&function=fixId&fixids=special_41072_DSClients-nt32-client-10.5.1100.2866-FP011%3A347173580789884352&includeSupersedes=0> \"Windows 32-bit, x86\" ) \n[Windows 64-bit, x86](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-ntx64-universal_fixpack-10.5.1100.2866-FP011%3A794869617808602496&includeSupersedes=0> \"Windows 64-bit, x86\" ) \n[Inspur](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=special_41072_DB2-inspurkux64-universal_fixpack-10.5.0.11-FP011%3A668555431857067776&includeSupersedes=0> \"Inspur\" ) \n \nV11.1| 11.1.4 FP 7| [IT39918](<https://www.ibm.com/support/pages/apar/IT39918> \"IT39918\" )| <https://www.ibm.com/support/pages/node/6573089> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-20T14:28:59", "type": "ibm", "title": "Security Bulletin: IBM\u00ae Db2\u00ae is affected by multiple vulnerabilities in the included Expat 3rd party library (CVE-2022-23852 and CVE-2022-23990)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2022-04-20T14:28:59", "id": "7199608F6EB8549A244A7FADE8988B10FCD4A0AF0E4D56F74D57C92549DF269A", "href": "https://www.ibm.com/support/pages/node/6573293", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:39:45", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for expat fixes the following issues:\n\n - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer\n (bsc#1195054).\n - CVE-2022-23990: Fixed integer overflow in the doProlog function\n (bsc#1195217).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-498=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T00:00:00", "type": "suse", "title": "Security update for expat (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2022-02-18T00:00:00", "id": "OPENSUSE-SU-2022:0498-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2BCJZG2PLWMYBP7YS7O3T6NSE3AKSEBB/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-11-27T15:33:19", "description": "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T20:29:44", "type": "mageia", "title": "Updated expat packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2022-02-03T20:29:44", "id": "MGASA-2022-0048", "href": "https://advisories.mageia.org/MGASA-2022-0048.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redos": [{"lastseen": "2023-11-27T16:04:07", "description": "Vulnerability in the XML streaming parser library libexpat, related to an integer\r\n integer overflow in doProlog() function, allowing a remote attacker to pass specially crafted data to an application, cause an integer overflow, and execute arbitrary code in the target application.\r\n specially crafted data to an application, cause an integer overflow, and execute arbitrary code on the target system.\r\n system\n\nVulnerability in the XML streaming parser library libexpat related to integer overflow or cyclic overflow.\r\n integer overflow or loopback, allowing a remote attacker to pass specially crafted data to an application, cause an integer overflow, and execute arbitrary code on the target system.\r\n specially crafted data into an application, cause an integer overflow, and execute arbitrary\r\n code on the target system", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-30T00:00:00", "type": "redos", "title": "ROS-20220330-02", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23852", "CVE-2022-23990"], "modified": "2022-03-30T00:00:00", "id": "ROS-20220330-02", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-libexpat-cve-2022-23852-cve-2022-23990/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hivepro": [{"lastseen": "2023-11-22T16:44:26", "description": "Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. This vulnerability, identified as CVE-2023-34060, the flaw could be exploited by a malicious actor to circumvent authentication protections in Cloud Director. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-17T08:07:39", "type": "hivepro", "title": "VMware Unveils Critical Authentication Bypass Vulnerability in VCD Appliance", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-17T08:07:39", "id": "HIVEPRO:8F75F0DA225CCE50A996BDCCDB9B77D2", "href": "https://www.hivepro.com/threat-advisory/vmware-unveils-critical-authentication-bypass-vulnerability-in-vcd-appliance/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "vmware": [{"lastseen": "2023-11-27T18:19:41", "description": "3\\. Authentication Bypass Vulnerability (CVE-2023-34060) \n\nVMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-14T00:00:00", "type": "vmware", "title": "VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34060"], "modified": "2023-11-14T00:00:00", "id": "VMSA-2023-0026", "href": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2023-11-15T04:42:01", "description": "[](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLcEfiiZzDiwCkaj-4kSgjtNMuA1dw467mYJvHZ_F0GZdG9BgLRQ8DmDCGxtoufqV49GlbW_8ExKxQPn7D6XR1Tb3vxaxTiXtirCoj56DLR-s7cAsffTKfDxYmJwsIhhNoRGUCPlTtk38c8A4xg9nOJI1pKSwtLS2q252_zZt3nR1NjddnnRy1bY52dB6m/s728-rw-ft-e30/vmware.jpg>)\n\nVMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections.\n\nTracked as **CVE-2023-34060** (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version.\n\n\"On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console),\" the company [said](<https://www.vmware.com/security/advisories/VMSA-2023-0026.html>) in an alert.\n\n\"This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.\"\n\nThe virtualization services company further noted that the impact is due to the fact that it utilizes a version of sssd from the underlying Photon OS that is affected by [CVE-2023-34060](<https://github.com/vmware/photon/wiki/security-advisory-CVE-2023-34060>).\n\n[](<https://thn.news/pjHvTZON> \"Cybersecurity\" )\n\nDustin Hartle from IT solutions provider Ideal Integrations has been credited with discovering and reporting the shortcomings.\n\nWhile VMware has yet to release a fix for the problem, it has provided a [workaround](<https://kb.vmware.com/s/article/95534>) in the form of a shell script (\"WA_CVE-2023-34060.sh\").\n\nIt also emphasized implementing the temporary mitigation will neither require downtime nor have a side-effect on the functionality of Cloud Director installations.\n\nThe development comes weeks after VMware released patches for another critical flaw in the vCenter Server ([CVE-2023-34048](<https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html>), CVSS score: 9.8) that could result in remote code execution on affected systems.\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-11-15T04:18:00", "type": "thn", "title": "Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-34048", "CVE-2023-34060"], "modified": "2023-11-15T04:18:03", "id": "THN:17D0D209B56B4709BECDD8021277421F", "href": "https://thehackernews.com/2023/11/urgent-vmware-warns-of-unpatched.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}