(RHSA-2021:2461) Moderate: Red Hat Advanced Cluster Management 2.2.4 security and bug fix update

2021-06-16T15:19:08

Description

Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)

{"id": "RHSA-2021:2461", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:2461) Moderate: Red Hat Advanced Cluster Management 2.2.4 security and bug fix update", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site reliability\nengineers face as they work across a range of public and private cloud environments.\nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See\nthe following Release Notes documentation, which will be updated shortly for\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)", "published": "2021-06-16T15:19:08", "modified": "2021-06-16T15:19:59", "epss": [{"cve": "CVE-2016-10228", "epss": 0.00666, "percentile": 0.77193, "modified": "2023-09-11"}, {"cve": "CVE-2017-14502", "epss": 0.00675, "percentile": 0.77005, "modified": "2023-06-23"}, {"cve": "CVE-2019-14866", "epss": 0.00053, "percentile": 0.19025, "modified": "2023-06-13"}, {"cve": "CVE-2019-25013", "epss": 0.00311, "percentile": 0.6576, "modified": "2023-06-13"}, {"cve": "CVE-2019-25032", "epss": 0.00196, "percentile": 0.56176, "modified": "2023-06-13"}, {"cve": "CVE-2019-25034", "epss": 0.00196, "percentile": 0.56176, "modified": "2023-06-13"}, {"cve": "CVE-2019-25035", "epss": 0.00196, "percentile": 0.56176, "modified": "2023-06-13"}, {"cve": "CVE-2019-25036", "epss": 0.00092, "percentile": 0.38201, "modified": "2023-06-13"}, {"cve": "CVE-2019-25037", "epss": 0.00092, "percentile": 0.38201, "modified": "2023-06-13"}, {"cve": "CVE-2019-25038", "epss": 0.00196, "percentile": 0.56176, "modified": "2023-06-13"}, {"cve": "CVE-2019-25039", "epss": 0.00196, "percentile": 0.56176, "modified": "2023-06-13"}, {"cve": "CVE-2019-25040", "epss": 0.00092, "percentile": 0.38201, "modified": "2023-06-13"}, {"cve": "CVE-2019-25041", "epss": 0.00092, "percentile": 0.38201, "modified": "2023-06-13"}, {"cve": "CVE-2019-25042", "epss": 0.00196, "percentile": 0.56176, "modified": "2023-06-13"}, {"cve": "CVE-2019-2708", "epss": 0.00091, "percentile": 0.37829, "modified": "2023-06-13"}, {"cve": "CVE-2019-3842", "epss": 0.00156, "percentile": 0.50787, "modified": "2023-06-13"}, {"cve": "CVE-2019-9169", "epss": 0.0029, "percentile": 0.64555, "modified": "2023-06-13"}, {"cve": "CVE-2020-10543", "epss": 0.00299, "percentile": 0.6503, "modified": "2023-06-06"}, {"cve": "CVE-2020-10878", "epss": 0.00274, "percentile": 0.63366, "modified": "2023-06-06"}, {"cve": "CVE-2020-12362", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12363", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-12364", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-13434", "epss": 0.00063, "percentile": 0.25071, "modified": "2023-06-06"}, {"cve": "CVE-2020-13776", "epss": 0.00044, "percentile": 0.10297, "modified": "2023-06-06"}, {"cve": "CVE-2020-15358", "epss": 0.00078, "percentile": 0.32289, "modified": "2023-06-06"}, {"cve": "CVE-2020-24330", "epss": 0.00053, "percentile": 0.18828, "modified": "2023-06-06"}, {"cve": "CVE-2020-24331", "epss": 0.00053, "percentile": 0.18828, "modified": "2023-06-06"}, {"cve": "CVE-2020-24332", "epss": 0.00058, "percentile": 0.21997, "modified": "2023-06-06"}, {"cve": "CVE-2020-24977", "epss": 0.00257, "percentile": 0.62116, "modified": "2023-06-06"}, {"cve": "CVE-2020-25648", "epss": 0.00767, "percentile": 0.78686, "modified": "2023-06-06"}, {"cve": "CVE-2020-25692", "epss": 0.00089, "percentile": 0.36615, "modified": "2023-06-06"}, {"cve": "CVE-2020-26116", "epss": 0.00247, "percentile": 0.61233, "modified": "2023-06-06"}, {"cve": "CVE-2020-26137", "epss": 0.00256, "percentile": 0.62059, "modified": "2023-06-06"}, {"cve": "CVE-2020-27170", "epss": 0.00047, "percentile": 0.14225, "modified": "2023-06-06"}, {"cve": "CVE-2020-27618", "epss": 0.00053, "percentile": 0.18798, "modified": "2023-06-06"}, {"cve": "CVE-2020-27619", "epss": 0.00639, "percentile": 0.76212, "modified": "2023-06-06"}, {"cve": "CVE-2020-28196", "epss": 0.00375, "percentile": 0.68812, "modified": "2023-06-06"}, {"cve": "CVE-2020-28362", "epss": 0.00518, "percentile": 0.73431, "modified": "2023-06-06"}, {"cve": "CVE-2020-28935", "epss": 0.00045, "percentile": 0.12142, "modified": "2023-06-06"}, {"cve": "CVE-2020-29361", "epss": 0.00358, "percentile": 0.68068, "modified": "2023-06-06"}, {"cve": "CVE-2020-29362", "epss": 0.00091, "percentile": 0.37872, "modified": "2023-06-06"}, {"cve": "CVE-2020-29363", "epss": 0.00098, "percentile": 0.39575, "modified": "2023-06-06"}, {"cve": "CVE-2020-8231", "epss": 0.00197, "percentile": 0.56191, "modified": "2023-06-06"}, {"cve": "CVE-2020-8284", "epss": 0.00148, "percentile": 0.49635, "modified": "2023-06-06"}, {"cve": "CVE-2020-8285", "epss": 0.0045, "percentile": 0.71446, "modified": "2023-06-06"}, {"cve": "CVE-2020-8286", "epss": 0.0026, "percentile": 0.62359, "modified": "2023-06-06"}, {"cve": "CVE-2020-8648", "epss": 0.00076, "percentile": 0.30993, "modified": "2023-06-06"}, {"cve": "CVE-2020-8927", "epss": 0.00282, "percentile": 0.639, "modified": "2023-06-06"}, {"cve": "CVE-2021-21309", "epss": 0.00532, "percentile": 0.73778, "modified": "2023-05-27"}, {"cve": "CVE-2021-21639", "epss": 0.00054, "percentile": 0.19927, "modified": "2023-05-27"}, {"cve": "CVE-2021-21640", "epss": 0.00054, "percentile": 0.19927, "modified": "2023-05-27"}, {"cve": "CVE-2021-23336", "epss": 0.00149, "percentile": 0.49678, "modified": "2023-05-27"}, {"cve": "CVE-2021-25215", "epss": 0.01337, "percentile": 0.8408, "modified": "2023-05-27"}, {"cve": "CVE-2021-27219", "epss": 0.00145, "percentile": 0.49112, "modified": "2023-05-27"}, {"cve": "CVE-2021-28092", "epss": 0.00172, "percentile": 0.52999, "modified": "2023-05-27"}, {"cve": "CVE-2021-28163", "epss": 0.00063, "percentile": 0.25512, "modified": "2023-05-27"}, {"cve": "CVE-2021-28165", "epss": 0.96646, "percentile": 0.99408, "modified": "2023-05-27"}, {"cve": "CVE-2021-28918", "epss": 0.02018, "percentile": 0.87243, "modified": "2023-05-27"}, {"cve": "CVE-2021-3114", "epss": 0.00244, "percentile": 0.60866, "modified": "2023-05-27"}, {"cve": "CVE-2021-3177", "epss": 0.01985, "percentile": 0.87106, "modified": "2023-05-31"}, {"cve": "CVE-2021-3326", "epss": 0.00389, "percentile": 0.69336, "modified": "2023-05-23"}, {"cve": "CVE-2021-3347", "epss": 0.00044, "percentile": 0.08327, "modified": "2023-05-23"}, {"cve": "CVE-2021-3501", "epss": 0.00044, "percentile": 0.10329, "modified": "2023-05-23"}, {"cve": "CVE-2021-3543", "epss": 0.00042, "percentile": 0.05691, "modified": "2023-05-23"}], "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:2461", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-14866", "CVE-2019-25013", "CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-15358", "CVE-2020-24330", "CVE-2020-24331", "CVE-2020-24332", "CVE-2020-24977", "CVE-2020-25648", "CVE-2020-25692", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-27170", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-28196", "CVE-2020-28362", "CVE-2020-28935", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8648", "CVE-2020-8927", "CVE-2021-21309", "CVE-2021-21639", "CVE-2021-21640", "CVE-2021-23336", "CVE-2021-25215", "CVE-2021-27219", "CVE-2021-28092", "CVE-2021-28163", "CVE-2021-28165", "CVE-2021-28918", "CVE-2021-3114", "CVE-2021-3177", "CVE-2021-3326", "CVE-2021-3347", "CVE-2021-3501", "CVE-2021-3543"], "immutableFields": [], "lastseen": "2023-09-12T04:36:23", "viewCount": 30, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["BIND_ADVISORY19.ASC", "PERL_ADVISORY5.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2020:5493", "ALSA-2021:1093", "ALSA-2021:1578", "ALSA-2021:1581", "ALSA-2021:1582", "ALSA-2021:1585", "ALSA-2021:1593", "ALSA-2021:1597", "ALSA-2021:1609", "ALSA-2021:1610", "ALSA-2021:1611", "ALSA-2021:1620", "ALSA-2021:1627", "ALSA-2021:1631", "ALSA-2021:1633", "ALSA-2021:1675", "ALSA-2021:1678", "ALSA-2021:1702", "ALSA-2021:1746", "ALSA-2021:1761", "ALSA-2021:1853", "ALSA-2021:1879", "ALSA-2021:1968", "ALSA-2021:1989", "ALSA-2021:2168", "ALSA-2021:2170", "ALSA-2021:3572", "ALSA-2021:4151", "ALSA-2021:4162", "ALSA-2021:4226", "ALSA-2021:4526", "ALSA-2022:0827", "ALSA-2022:0830"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2017-14502", "ALPINE:CVE-2019-14866", "ALPINE:CVE-2020-10543", "ALPINE:CVE-2020-10878", "ALPINE:CVE-2020-13434", "ALPINE:CVE-2020-15358", "ALPINE:CVE-2020-24977", "ALPINE:CVE-2020-25648", "ALPINE:CVE-2020-25692", "ALPINE:CVE-2020-26137", "ALPINE:CVE-2020-28196", "ALPINE:CVE-2020-28362", "ALPINE:CVE-2020-28935", "ALPINE:CVE-2020-29361", "ALPINE:CVE-2020-29362", "ALPINE:CVE-2020-29363", "ALPINE:CVE-2020-8231", "ALPINE:CVE-2020-8284", "ALPINE:CVE-2020-8285", "ALPINE:CVE-2020-8286", "ALPINE:CVE-2020-8927", "ALPINE:CVE-2021-21309", "ALPINE:CVE-2021-21639", "ALPINE:CVE-2021-21640", "ALPINE:CVE-2021-23336", "ALPINE:CVE-2021-25215", "ALPINE:CVE-2021-27219", "ALPINE:CVE-2021-3114", "ALPINE:CVE-2021-3177"]}, {"type": "altlinux", "idList": ["0DCA487D90FA58D1320A51AA360F776B", "172377A713A918D5853CA3E9B24EFF85", "18D0CB45C93C051719A801D936BC19A2", "1DEA21E8CC43D5E2435AE7EB16DAC242", "22B706709AF3BEB0700F24736F6EDF39", "2777060AF262CE012638411E1C9044B6", "33BC9B12459278B2E8AA2FCB5E629EE0", "567F180E2656D2B15554048D9CEF1B09", "63CBCEE7DD1064D143361019B09DF418", "641641390598455C6AFBD0BCE7A8D150", "69FCC7D3741E27576F8891899E5C3887", "6EC23EDF5005F790300051B316B093D4", "8D79D5F1BCBEB74A0D3E958E790B4049", "B963C4355B69B74D78CF5D3D44CBA7EB", "DFB3531007B1DED7ABA1D6D9F40A6504", "DFBA4EF54C79890FFE224A6EF14372C8", "F2F8CB06F62B8B4740434DE390A0EF18", "F4B6EAF6AAD9D382AF5DA2B758A6A61F", "FEA7462C847C06E37C33273089EBED5D"]}, {"type": "amazon", "idList": ["ALAS-2020-1360", "ALAS-2020-1444", "ALAS-2020-1454", "ALAS-2020-1471", "ALAS-2021-1471", "ALAS-2021-1480", "ALAS-2021-1484", "ALAS-2021-1498", "ALAS-2021-1500", "ALAS-2021-1504", "ALAS-2021-1508", "ALAS-2021-1511", "ALAS-2021-1518", "ALAS-2021-1526", "ALAS-2021-1600", "ALAS-2022-1593", "ALAS-2023-1743", "ALAS2-2020-1405", "ALAS2-2020-1505", "ALAS2-2021-1578", "ALAS2-2021-1599", "ALAS2-2021-1600", "ALAS2-2021-1601", "ALAS2-2021-1605", "ALAS2-2021-1609", "ALAS2-2021-1610", "ALAS2-2021-1611", "ALAS2-2021-1615", "ALAS2-2021-1635", "ALAS2-2021-1638", "ALAS2-2021-1640", "ALAS2-2021-1655", "ALAS2-2021-1656", "ALAS2-2021-1662", "ALAS2-2021-1664", "ALAS2-2021-1668", "ALAS2-2021-1669", "ALAS2-2021-1670", "ALAS2-2021-1683", "ALAS2-2021-1693", "ALAS2-2022-1802", "ALAS2-2022-1845", "ALAS2-2022-1854"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-06-01", "ANDROID:2021-08-01", "ANDROID:2021-10-01"]}, {"type": "apple", "idList": ["APPLE:2A32C0762786DF36357D645066CDC600", "APPLE:3D7765FAAA5588336144E1B60D0B775E", "APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:9AAA600C4496E1F352EC9F07A8BDC39B", "APPLE:B42E67860AD9D9F5B9307A29A1189DF0", "APPLE:BEC13883FC65A6FD008F312DB93C0A36", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:E9C90A2600A9DE3614B923070AEC31B1", "APPLE:F7DADB3E958148A6B63512580383CEA2", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211847", "APPLE:HT211850", "APPLE:HT211931", "APPLE:HT211935", "APPLE:HT211952", "APPLE:HT212147"]}, {"type": "archlinux", "idList": ["ASA-201911-3", "ASA-202009-12", "ASA-202009-13", "ASA-202011-15", "ASA-202011-16", "ASA-202012-17", "ASA-202012-18", "ASA-202101-27", "ASA-202102-16", "ASA-202102-17", "ASA-202102-23", "ASA-202102-28", "ASA-202102-37", "ASA-202103-27", "ASA-202104-10"]}, {"type": "arista", "idList": ["ARISTA:0062"]}, {"type": "attackerkb", "idList": ["AKB:0EF34EE1-74ED-42FF-A543-9543D3950C10", "AKB:32EDF036-241C-427F-85CC-0FA70C756F04"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2020:3908", "CESA-2021:0343", "CESA-2021:0348", "CESA-2021:1469", "CESA-2021:2147", "CESA-2021:2314", "CESA-2022:5235"]}, {"type": "chrome", "idList": ["GCSA-2509954079155194578"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:033E22850A2C09F2DBD2349016F7E062", "CFOUNDRY:12122B409153EB262420181E0E613DE3", "CFOUNDRY:21B35C0D976E5B0E31872BF9E79110BB", "CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1", "CFOUNDRY:34D8A70C8A3E947B531EA7935997AA85", "CFOUNDRY:6212B057FC69171CB35A504A83DF4903", "CFOUNDRY:7CCE0B0CA4C32E297BEADD4E79F7EBE9", "CFOUNDRY:81709274A5535B1DACDD4242D3B162A5", "CFOUNDRY:89587F3ED65C323B89E14DDACE9BA27F", "CFOUNDRY:8E671DB66CC777A32FC96E6B964ACEAC", "CFOUNDRY:A2488D03CBE987233F934844F44A3BB5", "CFOUNDRY:B6C923F29B1B64BF5EF7657B86EC5A6A", "CFOUNDRY:D09A12445CD6214C067F9255280BC24D", "CFOUNDRY:D1800B931E71999DC3B721FFDBB42636", "CFOUNDRY:DC7BE5C08671B54CC5F39351987D8CA3", "CFOUNDRY:DC88CEA06ECA856893E7D089D36ADB07", "CFOUNDRY:EF66FE5FEBE8216F66D049B74386E613", "CFOUNDRY:F2DA9ABBA88CF5381A0275BB6CBC8B81", "CFOUNDRY:FAA30968EB5FC787D7DD15251E2F2C77", "CFOUNDRY:FABA7095744DBBE521F639A1D964B809"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1608724009", "CLSA-2021:1632261705", "CLSA-2021:1632328234", "CLSA-2021:1632328264", "CLSA-2021:1632401716", "CLSA-2021:1633442879", "CLSA-2021:1636389306", "CLSA-2021:1637583639", "CLSA-2021:1640697315", "CLSA-2022:1641903536", "CLSA-2022:1650576075"]}, {"type": "cve", "idList": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-14866", "CVE-2019-25013", "CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-15358", "CVE-2020-24330", "CVE-2020-24331", "CVE-2020-24332", "CVE-2020-24977", "CVE-2020-25648", "CVE-2020-25692", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-27170", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-28196", "CVE-2020-28362", "CVE-2020-28476", "CVE-2020-28935", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8648", "CVE-2020-8927", "CVE-2021-21309", "CVE-2021-21639", "CVE-2021-21640", "CVE-2021-23336", "CVE-2021-25215", "CVE-2021-27219", "CVE-2021-28092", "CVE-2021-28163", "CVE-2021-28165", "CVE-2021-28359", "CVE-2021-28918", "CVE-2021-29418", "CVE-2021-3114", "CVE-2021-3177", "CVE-2021-3326", "CVE-2021-3347", "CVE-2021-3501", "CVE-2021-3543", "CVE-2021-40491"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1600-1:3AE4E", "DEBIAN:DLA-1600-1:DC924", "DEBIAN:DLA-1762-1:9B895", "DEBIAN:DLA-1762-1:ECF67", "DEBIAN:DLA-1981-1:9F57F", "DEBIAN:DLA-2221-1:3C6AD", "DEBIAN:DLA-2221-1:DCC99", "DEBIAN:DLA-2241-1:DE3AB", "DEBIAN:DLA-2241-2:3E557", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DLA-2340-1:34DF9", "DEBIAN:DLA-2369-1:46D38", "DEBIAN:DLA-2369-1:E14AE", "DEBIAN:DLA-2382-1:05F3C", "DEBIAN:DLA-2437-1:334D0", "DEBIAN:DLA-2437-1:9852C", "DEBIAN:DLA-2456-1:D70B3", "DEBIAN:DLA-2476-1:BF3F0", "DEBIAN:DLA-2500-1:61422", "DEBIAN:DLA-2513-1:91B04", "DEBIAN:DLA-2556-1:967CA", "DEBIAN:DLA-2557-1:3E233", "DEBIAN:DLA-2569-1:11737", "DEBIAN:DLA-2569-1:E3354", "DEBIAN:DLA-2576-1:05943", "DEBIAN:DLA-2576-1:97AA5", "DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DLA-2591-1:1BCAE", "DEBIAN:DLA-2592-1:6DFC9", "DEBIAN:DLA-2610-1:A54F6", "DEBIAN:DLA-2619-1:8192B", "DEBIAN:DLA-2628-1:6F808", "DEBIAN:DLA-2647-1:7BE9D", "DEBIAN:DLA-2652-1:FFCF4", "DEBIAN:DLA-2686-1:2EED1", "DEBIAN:DLA-2919-1:698BE", "DEBIAN:DLA-3044-1:84458", "DEBIAN:DLA-3152-1:9B676", "DEBIAN:DLA-3164-1:A25EA", "DEBIAN:DLA-3205-1:40C3E", "DEBIAN:DSA-4360-1:DDB49", "DEBIAN:DSA-4428-1:20BBA", "DEBIAN:DSA-4428-1:9D170", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4698-1:E1A7D", "DEBIAN:DSA-4795-1:5CD54", "DEBIAN:DSA-4801-1:69ED7", "DEBIAN:DSA-4822-1:23BB8", "DEBIAN:DSA-4822-1:83743", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DSA-4843-1:6BD24", "DEBIAN:DSA-4848-1:D81AC", "DEBIAN:DSA-4881-1:5FAC1", "DEBIAN:DSA-4909-1:42284", "DEBIAN:DSA-4909-1:88261"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10228", "DEBIANCVE:CVE-2017-14502", "DEBIANCVE:CVE-2019-14866", "DEBIANCVE:CVE-2019-25013", "DEBIANCVE:CVE-2019-25032", "DEBIANCVE:CVE-2019-25034", "DEBIANCVE:CVE-2019-25035", "DEBIANCVE:CVE-2019-25036", "DEBIANCVE:CVE-2019-25037", "DEBIANCVE:CVE-2019-25038", "DEBIANCVE:CVE-2019-25039", "DEBIANCVE:CVE-2019-25040", "DEBIANCVE:CVE-2019-25041", "DEBIANCVE:CVE-2019-25042", "DEBIANCVE:CVE-2019-3842", "DEBIANCVE:CVE-2019-9169", "DEBIANCVE:CVE-2020-10543", "DEBIANCVE:CVE-2020-10878", "DEBIANCVE:CVE-2020-12362", "DEBIANCVE:CVE-2020-12363", "DEBIANCVE:CVE-2020-12364", "DEBIANCVE:CVE-2020-13434", "DEBIANCVE:CVE-2020-13776", "DEBIANCVE:CVE-2020-15358", "DEBIANCVE:CVE-2020-24330", "DEBIANCVE:CVE-2020-24331", "DEBIANCVE:CVE-2020-24332", "DEBIANCVE:CVE-2020-24977", "DEBIANCVE:CVE-2020-25648", "DEBIANCVE:CVE-2020-25692", "DEBIANCVE:CVE-2020-26116", "DEBIANCVE:CVE-2020-26137", "DEBIANCVE:CVE-2020-27170", "DEBIANCVE:CVE-2020-27618", "DEBIANCVE:CVE-2020-27619", "DEBIANCVE:CVE-2020-28196", "DEBIANCVE:CVE-2020-28362", "DEBIANCVE:CVE-2020-28935", "DEBIANCVE:CVE-2020-29361", "DEBIANCVE:CVE-2020-29362", "DEBIANCVE:CVE-2020-29363", "DEBIANCVE:CVE-2020-8231", "DEBIANCVE:CVE-2020-8284", "DEBIANCVE:CVE-2020-8285", "DEBIANCVE:CVE-2020-8286", "DEBIANCVE:CVE-2020-8648", "DEBIANCVE:CVE-2020-8927", "DEBIANCVE:CVE-2021-21309", "DEBIANCVE:CVE-2021-23336", "DEBIANCVE:CVE-2021-25215", "DEBIANCVE:CVE-2021-27219", "DEBIANCVE:CVE-2021-28163", "DEBIANCVE:CVE-2021-28165", "DEBIANCVE:CVE-2021-3114", "DEBIANCVE:CVE-2021-3177", "DEBIANCVE:CVE-2021-3326", "DEBIANCVE:CVE-2021-3347", "DEBIANCVE:CVE-2021-3501", "DEBIANCVE:CVE-2021-3543", "DEBIANCVE:CVE-2021-40491"]}, {"type": "f5", "idList": ["F5:K03310902", "F5:K04572666", "F5:K08641512", "F5:K15338344", "F5:K15402727", "F5:K15405135", "F5:K25521404", "F5:K40508224", "F5:K44945790", "F5:K52494142", "F5:K54823184", "F5:K56499646", "F5:K61186963", "F5:K63525058", "F5:K68251873", "F5:K82112489", "F5:K96223611"]}, {"type": "fedora", "idList": ["FEDORA:00A0230BBF90", "FEDORA:017273129EBB", "FEDORA:05C0C3052E9A", "FEDORA:096673094224", "FEDORA:0E43B3058526", "FEDORA:1770A30256F7", "FEDORA:180E930E766E", "FEDORA:1A40F309F48E", "FEDORA:1D191309D1B6", "FEDORA:1F076314BE6F", "FEDORA:1F4D830C7DBF", "FEDORA:20FD230C77CB", "FEDORA:21C3E309DE29", "FEDORA:27A3A30520EC", "FEDORA:2AD1A3185983", "FEDORA:2B2C93094FB5", "FEDORA:2DF1B315B329", "FEDORA:2F75E3052DEE", "FEDORA:30D123099EC4", "FEDORA:3245830C47E2", "FEDORA:33618309E3C6", "FEDORA:36BF9305D418", "FEDORA:3B97F313413F", "FEDORA:3CA1930493B5", "FEDORA:404B730C2F75", "FEDORA:481D1608F47B", "FEDORA:4840930CA036", "FEDORA:4EE84305D41F", "FEDORA:4F60F30A106E", "FEDORA:5361730BB4C9", "FEDORA:591B130E1979", "FEDORA:59A883072F03", "FEDORA:68780608A492", "FEDORA:699543075DD7", "FEDORA:6E524310A486", "FEDORA:6ED3730946F6", "FEDORA:71D65309D32B", "FEDORA:72A4E3093B5E", "FEDORA:73B0C3094225", "FEDORA:73E1630A20AB", "FEDORA:74548307F429", "FEDORA:764EE30C99A3", "FEDORA:7822830CCC8D", "FEDORA:7A904309DE1B", "FEDORA:7C20C304C264", "FEDORA:7DB0634EDA0C", "FEDORA:7FD9A309E3EF", "FEDORA:8275C3092F8B", "FEDORA:862DE30A5C4D", "FEDORA:8657A309BA6B", "FEDORA:870313092FB5", "FEDORA:87F6B31A3E94", "FEDORA:8D7CB30BB4E7", "FEDORA:8FD383176A9C", "FEDORA:9408B30E7B01", "FEDORA:9FB8F310F2E1", "FEDORA:A387A3072636", "FEDORA:A44B831211EA", "FEDORA:A8BE83094DF0", "FEDORA:AA46430A6A34", "FEDORA:AA71A6383D9A", "FEDORA:AAF643072F13", "FEDORA:AC1C6304E3A3", "FEDORA:AF45530AA447", "FEDORA:B0FEC30C5629", "FEDORA:B42DC304E39B", "FEDORA:B5212306A249", "FEDORA:B5B17313A0D2", "FEDORA:B8C523106DFF", "FEDORA:C0A2E30B00AE", "FEDORA:C1626307261A", "FEDORA:C1819309C5A0", "FEDORA:C3D293095AFD", "FEDORA:C3ED760C452F", "FEDORA:C798F309DE1C", "FEDORA:CD864304939A", "FEDORA:CFC09309E7A4", "FEDORA:D02A2309CDA4", "FEDORA:D25E2304CBB0", "FEDORA:D47CC30C448C", "FEDORA:D4A5430C7DB7", "FEDORA:D74C43072F3D", "FEDORA:DFCF230E7DCE", "FEDORA:E29F2606E7E8", "FEDORA:E31D830DFF2D", "FEDORA:E4BA53093F7F", "FEDORA:E910330B50BA", "FEDORA:E9704310F2E3", "FEDORA:E9B1430CC2C0", "FEDORA:EA4F2309E0EF", "FEDORA:F0266309ACD0", "FEDORA:F23FE31401E3"]}, {"type": "fortinet", "idList": ["FG-IR-22-008"]}, {"type": "freebsd", "idList": ["0E38B8F8-75DD-11EB-83F2-8C164567CA3C", "388EBB5B-3C95-11EB-929D-D4C9EF517024", "3C77F139-3A09-11EB-929D-D4C9EF517024", "56BA4513-A1BE-11EB-9072-D4C9EF517024", "6A4805D5-5AAF-11EB-A21D-79F5BC5EF6A9", "9595D002-EDEB-4602-BE2D-791CD654247E", "B905DFF4-E227-11EA-B0EA-08002728F74C", "C4AC9C79-AB37-11EA-8B5E-B42E99A1B9C3", "DB4B2F27-252A-11EB-865C-00155D646400", "E358B470-B37D-4E47-BC8A-2CD9ADBEB63C", "E37A0A7B-E1A7-11EA-9538-0C9D925BBBC0", "F59AF308-07F3-11EA-8C56-F8B156B6DCC8", "F5ABAFC0-FCF6-11EA-8758-E0D55E2A8BF9", "FDC49972-3CA7-11EB-929D-D4C9EF517024"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-20:22.SQLITE"]}, {"type": "gentoo", "idList": ["GLSA-201908-11", "GLSA-202006-03", "GLSA-202006-04", "GLSA-202007-26", "GLSA-202011-17", "GLSA-202012-14", "GLSA-202012-21", "GLSA-202101-18", "GLSA-202101-20", "GLSA-202101-38", "GLSA-202103-02", "GLSA-202104-04", "GLSA-202107-05", "GLSA-202107-07", "GLSA-202107-13", "GLSA-202208-02"]}, {"type": "github", "idList": ["GHSA-26VR-8J45-3R4W", "GHSA-3XXV-P78R-4FC6", "GHSA-4C7M-WXVM-R7GC", "GHSA-5V8V-66V8-MWM7", "GHSA-7R28-3M3F-R2PR", "GHSA-7RRM-V45F-JP64", "GHSA-HGJ8-VFF2-7CJF", "GHSA-J6QJ-J888-VVGQ", "GHSA-M6GX-RHVJ-FH52", "GHSA-PCH5-WHG9-QR2R", "GHSA-PVWX-3JX5-24R2", "GHSA-W2HV-RCQR-2H7R", "GHSA-WQVQ-5M8C-6G24"]}, {"type": "githubexploit", "idList": ["0AADD19A-EDB0-57B1-90A5-96CF733B31D8"]}, {"type": "gitlab", "idList": ["GITLAB-6F31AAE3B1EE36320F2FEEBE7CFAD323", "GITLAB-9796C073EC6F3F3F4D5B0825248D1BC8"]}, {"type": "hackerone", "idList": ["H1:1040166", "H1:1045844", "H1:1048457", "H1:1084342", "H1:1141623", "H1:1145454", "H1:1168205", "H1:676976", "H1:888986", "H1:948876"]}, {"type": "hp", "idList": ["HP:C07023592"]}, {"type": "ibm", "idList": ["0029ABBB141B6B352048BA2F9DF7D2CCCF9E41BEDC2A8E7CA69432B1B68A991E", "030DBDFA95C526713EB031CD679D467ABA1AF40E44F9F3D9ED3913315861EDE2", "0336508687FC75709AB1D96C0DF14CA61FD81A95284DDA31533A99A1CBFC2A81", "0461F001E1ED521E0ADBE769652D6B3A1284DC9926D1C6B0377324739D24D5C7", "077CACE3330807DB9A0479410A548456194DEE66D2F89956CE566945832802D8", "0840A51D28EF0DD64B280F3A27235139F2A35F67EC4956EB6F1E4CDD0C421ED5", "08C2C257946E62415EC25786F8C76FDCF0DF2699FFCA0379011E8DE3B9FE77A0", "0A425AE154320282FF38ABB3C8BA8D3AD10793B88A3CFCA031B295F986453B12", "0EB6AD2A7CDC25FBCDF358B0936A62DA85A4FB8E321049B009EEC9FAE83DF42F", "0EF2B3BEA4403B998499114AE5D3693C840E985B7ECCF95FA6F6834A4F819197", "0F5FDD6A95AE2FAC3D7E3C52034692C15DF4E5754EEFEF130DDA4280D97322F2", "0FF78AF1C487DE3B1A92548681C12BB71F6CB2B0B453E94F828CDEF3248FE0FD", "167951D4CB6682B161C7C63B81A840E45EF18CAE83E9A3ED32C423308A35D68F", "17F060B42E69822A4B143EEDCA4AF40D1FCDE7C861F57FC2A93C74DC357B3481", "190680E40A17D3CD839AD41A35BAAEA69C358A05CD874B5D0B4DBA1097C68C1E", "1A13E6CC79FCC83DDA9CC9D0EEC387490EEA3CB0B10BA19B2339B66E13D368F8", "1A8A5E6AC75FF4A1A546DD1431D4E3A224B13E96434DBC2C5C874D7E73D90553", "1B0ED4A3526A4957AFA5966EC1D954AC93826AA8F95F1EF2E8A3A6657E73F691", "1C560FDF4FF2E940003FF8C0D070D1BD39948F21DA49836BF64E9DA7FD25285B", "1F707BCFF7B87B9F76A41F8C24CF01CE9AF5A20146DFADFAD12F1F209431504F", "20D78D1F15CF6719B26AF45D46BE8B0697952AFB6607D042E039580C6BCF92BE", "25DE8BF64C58EFD9DD2C92C9D544C32FD6567CEC26CF6C9D70956F831B66255A", "265D1B6C4A3FAAA6603A120CE1D705D05BDC2BDAD6FFBD61AC5A18B875B14E1F", "26FA2412F9FF41AE6F3B6EFD82213308C0CDAB5A4B64CEA46FA5FFB290656D9E", "28E1A34D8B7AACAE238760E03EC7DC2D0E6A35DCA936AE45B1D6CE580679D06C", "2AD1F86BAC93366F89BAA6BECFE551E5D80A650C29A4222CD9BF66F9689BF3F3", "30DC450AABD11109A70A2AFC8BA5DC8E8DEFDC385B32C17C4EE2BE3BF55721AB", "30FC0C532542D6596B217061D3B9786ABE1AE5D6C6BE3856403D2A676557A8CD", "324040B56271D71A84F2DAB2E4D80E3170D2FCFDEAE2B5A6CAB0DF69F449B230", "32C7366BF60AD0A0414388FADDC398AE2C222E692560B44546E29585DCB69B7E", "345E18824B2D52AC690EC1671AC686DBE3FAFA93EBB7C3F153996741410FF314", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "37BE0D68718C21D9CA50B87DD731CC399CAF846F53E95DE95B6AF78B0D7A6CC5", "38CE21C8E36E0D8E13CFDB6726BF7297A06F5BEE727FDC02819987C18B1360E6", "39C214FD5E5504CD5F6F1D889575FBD4E81A443FEF59E6207CD831893A63CFFE", "3A0EC58D68A9FF044EFDD59A19016C7F96E811E1FC47D2E23F42FDF074B43F35", "3C693BF47D2367F3C1CF6B98F168404F18252E17EC96EACA6324028EDD5B52B5", "3CF3C789E67BC4BED4E00BAB92CFDEBBACDE7238E903B67252519FD7D01B4413", "407C5BA6F87D87480BE2E35485ACB27324098C08D9473ABCDC85674836045459", "4084935986C852F33CAE5E0C10EC1E67A016C9E964B3DE71ECA876D7AEB0B93E", "41E895291B7AB4EE51979AEE59C914030DFA4330C67377A090D2645BFA87FB03", "450C82AC2F6E3A533B01E69DC0E63D2C66CE40B5A93D389930726AD41BA7E373", "456A44C73802C0210EF9039DDC2F2011CE64D16EE318CB2485594AB6312D17CA", "45CF35DF98CCEBE555BB837DE6EA2F5A79C0540B83B3EEFAE129605E8565AE9E", "4777AA656AFE2A7E99CB0D93F8BE73D4229AC1A8C767E59363E711B828FD7059", "4DFE5A6ED234327248E8451B57200F8C7A68429EC3CCCB0DFECC6728217B38C9", "4E20FF6980EF77F8F7C53E254EBEB9AF129EF6EDA938A5BDE9CFA46C95393000", "4E29621A8C665E765DF1B3133A2E3AF5095D6C26AD83AEE5F7A65FFABC557B20", "50F054E398D9C2FEC6804DE8873031657002656851BE150871B2800BAA7C2644", "516C78282E257BAD924E6FC3088367963BA15FCD8305B1B9C4978CA225F03D64", "573F294E16A1C9B7682B48604209232E9D20CDAD4F9D09F633AA855F804E24CD", "5C562A8B9EE6F8140582D44530977F0DEA3EFB52F7ACF87EFAA39CE6862AA47A", "6101231E7790666A5F3D41651D280416BD55B15F5142D36C2747367DC931E9A8", "612630C76F745039953454FE00A1CCB99B7D48AD1BAAC59BE8F1BB81C5357986", "6195FD892AA154A172FA62D1C3179F1BED3A69333139BC056B6242D7A468E832", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "65A4508C1DA395549FBC79488B5AB49FD1318D5EA8060FECE10A480701CC6CD1", "66693B23AEF92EC66457A5737C0ACF10DB393A26320B0202871EC9028B92FC1C", "6B0EA5EC8A444AC10EC1F200C7B61DAF5E4F6E89E5C2943D1BA5016D81598440", "6BFF2F7D47BEB5AAD519E86E0FF790AFC72EDB0265341A03D475E407CEF9931B", "6F5E7455D08E55E4F9F3DFA8B8B618487EC9BFDDC4FCB87851672633689609AB", "700973DB1C0B5FBE751BA9F1B6AF32C7F25F98D790B93A9C9D2DE61EB734BD58", "704353323B7E5075FA129A870B84AF879400C665CE04FB969279715761E7DCEC", "71B2E5A93BAD65EDC8828AD648152A6133B0A6F1A9CD3EC0D973BAFD3EE16900", "76523CA6ED9F13FF53F8FE827130B4B536110FD08A6CE82CEB4E3150DA65DF24", "77A5CD46FD3C6940EFC34DE8C8AA831927106A12E0E3EAC862A5D46723F4092E", "7A6627FB30537F67774301CE66136CB8471DD887C6FDF4BC9824732D94F56B3F", "7A89BB55E5B049E80A4EDE8650050366D20EC49B897A44F7858ECD4C51F1A2F8", "7E48E83AB3B599D048D884D2F2A9C830676F7F8EE7EFC2B799BFE4618D5E9A2F", "7F00398218A14B586B1DC506C6E9B0ECCD74597091AC18AB461C91BAED21F406", "7F1B2D3B77713A37E286E4D21B18E6D3A92838938B4DC057B8C935F3DCB61BC8", "86A0B847D48ABE8E582B1C33E6C19AB73FD9D93A80B340CCDC1D166A92F95ED8", "89EDB053A13178ECCE22E53127E4E3457976D1CD3AF94B502528C97684F15BB8", "8AA8A74B998A763E5B2326DD7A6F264439A0A32324D24C4ACE80AC34233AC1F9", "8AF49736D617D6497975587C78B2BF1F6346503341CAD9EAB6FBA89669C46B3C", "8C5F81E1994499DBB0DE67BE5FE7D15F748FAEF0DB15BBA4651F5D23252455DB", "8C84F9F6803F7B599727F54AFEA8E6241BA3FD1510B15AE2524E912A02E9BC46", "8FF8D0722368813BAC60AC99F022766EC02EB7E57543F1645B3F4AAF81B07C58", "9015B3024053E33993F6C31216DAD607F6216CD5AC759977FCFEA2292D1A3F6D", "9242F5F4636D9D5E6BC415C0976986849485D113A030592ECDEE1CCA74C74EE1", "9308099D073B8B4A5B875ABF63A2A8BA4F4ABCB691E71E14B89B4833B4ED12AD", "931303F9A96ED803993DD1AA9F2188A9DB58F95EBD1845C08786956B699FB7BA", "95DD7102E7FB3DA11F41658A2DAA7DAA75ECB6F96269F79A7FA31FEE5997F14B", "97CF7C515357F1AFFF5BDC937895F029179A2F0A599F6865A2F4BA81F8C07371", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "9965F358745F1B9369329D43E539B15C66501A996D90730CFA17D0F06E7694FA", "9BC1027206CB25437F276CCA8881B5018E12D01DE5EDA40580F9E8BF0D3E2205", "9CC035260C611E904F68763BADB082400462C660E435F64473CFB7BE12187BF5", "A166705A6540CA4C7A1C6EAB8E0C3F931B481EAA10B3071A6DEF594636D25819", "A273211199ABFE8E6374620379500B699CCE441D29CD8CE718FEBEE56DB0341A", "A2C8E2CF672AC451E5F568D88ED15C956CC420B68B1A498D23EF4F2087430CE6", "A2E923A551C0F36BAC84848E053A3A93F2AC1141EB9D1739FE1D48A6684F5352", "A65A20DF8DC8A4F56EC0F4DD6F4F7A99DA0D4AA58739A1193576B3B006626F85", "A81396DECDA68734AC02CDD489676D70AC4315FD2313AA28922145D45A9672E0", "AA9924D97A331BFEF405C5965F86807ACBF07005A06B3D61D1E7556C355A7841", "AB2C0489F353BB12BB89949E01DA1BD7D3A274FCDD90CE2BEB975BDC9E47FFA3", "AB7E82CD356AAA55900FFB785ECCA647E2DE687F0BE610FBC448CF5A139EB4CF", "AD465589B25492A16DED0ECFF4281F9C4931011A8158300CCCED826D8CC716A6", "ADF1935DF33BE76670BD5F0DF7FDC9001ECC55C8754357DF91B747BBF3BA7294", "AE422B9F3EF2D38F564DFC656E71F38129E00A45907005EE5EA7A634892D0C9C", "AEB328CC8D931D2BFACDBB1708074AFF2A53C68C85557EC09C82031DA56AED69", "AF7356B6BD67349B71B5E77D3CB023E5FA24FC17924E9C28B99EC0C046B8E216", "B1CB4F2A0E5AEB4C5A4669E5319B0B50605F31B798EE4E07A4D889EECCAC2AD2", "B62D8810A9F9CE7BA2083D51187066D68816FFD4EBF6BF909B47034366888437", "B6AD63732CD23EB3783BEBE65A96853CF122BD7D974D6A2E99CEFBBCE664A170", "B89616326F2ACA4483A6FD1036A987B8D2828930F6AC900D37AB085C7941179D", "B9470A869254EC8B868B6762C32B2C98DEF746E7F68812EE0385E52C226A69F0", "B98F811575D2E16065FC8E4C211A8B74BBF4DCEBB02BCE8974D057BDB7A7A3B4", "B9C7132D775DE65C4A7C7EA65CB4611218B4F54983B765131C39E74D07EE9525", "BC0916015C108037BE6EEE58D101EE5DE12F752A3F9BF433C3D352C6406B3C0E", "BCFE59AECDDB67845A4B618BFD6E41A20C550D57DD097AC67063BDCE4F60B5F5", "BDFA432EA62E6EFDD1DA5F84B4EE926C27FCF1125443F9D0EC5005B0FEE74C89", "C10FBBF5A8E11974F87E6A099C17E72598C3522DD897AF08DEDE1BCE75AC993E", "C54A64F51ED224A8F7D429251E9F0DA945B243265F5C96506C23B694951F2D16", "CA4DA6C0618E93A7819BE2F30428B6CBA15274490ABDE9E4CF88258503CE5EE0", "CDCC12630F70C23AEA9E4FF8A828C907D3B44C51B436CD1353EA714B6351BA53", "D55AEB6946D907D0FC5DA58A5F179B1B8E060C282C17CB82087FA62CA3FA71F8", "D5EE91437C61DB828864546A9877E1F863FE9DDA2D0B0BA7C35A8B9BDD774A7D", "D7EB5DD3AB3A8578DCEBB2F2F74987881B0F0892248AAC5FA44D1FFC68A74517", "DB8E4E659E64514548095D982131905FB3A6F5608C5916769B8820AA6A05133D", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "DFB2B8A17991C21AA572BC3D0FE7E4D2908FC84F553760CE8368AAFCE6C462AE", "E13F75F869D571A85240331EB120F83974D98D63498ADF9BE18416B8ADD741BD", "E266F803E71C486543CF623D66DDFA40AA2C4AEB0C15F49A79A5600D3D37709B", "E6E3BBEB93F580534F273FB25EDFEC0DA2FDA24182C449CDEFF60B30638D69DE", "E83BF63685F2C90305069981C071D32B53876ACF7043D5AEB7C2319D670A7EB9", "E9A8C23824FEB3CF54C07A25B19E265D1905F763E9CC29B4410E2EC85F28EE49", "EAAB3057567AB6F8526CB95E1A63C65959A6EB76CB5C61A5E8F66111A2539F55", "EAC404329213DF471FF757B7F009DD8A087FC2C57793182718799AB73514DB48", "EB6E1E695AEE7162D2063471B65FA8BB5ACD4AA8DF2DD6282D0CF96F2F2E5EF3", "EBACEC12B1FAFB8277D01C889A4B93F8B5AFA2711133B35905480BF8B7D76382", "EF38988A8ADFAFD600C0AFEBC1A1C334BFCA6536F9015788D929A5A8036B9536", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "F1239172E03209D2AACAF721206C0452EFC5D82A8E51665A4E7A18DFE799B6A2", "F36B2B0C795AAB35C070C1F451EEF4EC2B7111576274E3352545DC96C6338B2A", "F807B8BF8FED64B19F65955C5B53A0D49642FDDE53A817D6E414C47C2BE44889", "F847189F837954832A5D4C79716968441854E0CF05BFA8740F540844BB54683A", "FABB94D4F22FE933341A4AC48321DD3E7433EB12024376434818EBEED312A6EB", "FB7038711CD94F0B05673694D518462987220E995A1955584279EB344BADB046", "FBB7AE67F7891C45508D33A8A90E88C29E0C0B54420BD2A55E9AA9D1927DCB32", "FC8CA79FD2C6CBC557F053DC4CAF87FEB39E7073F9BC87B640242B449D46DEBD", "FCD1F2B6A6EBCC0ED4071B26367C683978C01FF7E8287DA4D600E165CED45E15", "FD5481A8FAEA26370800B3C24D5356F2495D324636876B8458455F763A9A8B1E", "FD96260AA7704B98DFDC3705B1491403987980F630CCE59A703A8C39858BD31F", "FE1BF646F073E0CD70183824B616E6F0E4BCE19482B6A4D40D24FE61BAEF307F", "FE437FB2E9A9A0946ADDE514833C925E94532DA07FB43C1B6825039C247A2558"]}, {"type": "ics", "idList": ["ICSA-21-159-10", "ICSA-21-336-06", "ICSA-21-336-08", "ICSA-22-069-09", "ICSA-22-272-02", "ICSA-23-059-01", "ICSA-23-166-10"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00438"]}, {"type": "kaspersky", "idList": ["KLA12006", "KLA12007", "KLA12017", "KLA12474"]}, {"type": "kitploit", "idList": ["KITPLOIT:2401425074991132396", "KITPLOIT:3974184594574360239"]}, {"type": "lenovo", "idList": ["LENOVO:PS500393-INTEL-GRAPHICS-DRIVERS-ADVISORY-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2019-0030", "MGASA-2019-0326", "MGASA-2020-0140", "MGASA-2020-0158", "MGASA-2020-0255", "MGASA-2020-0385", "MGASA-2020-0395", "MGASA-2020-0407", "MGASA-2020-0451", "MGASA-2020-0477", "MGASA-2020-0482", "MGASA-2021-0002", "MGASA-2021-0022", "MGASA-2021-0041", "MGASA-2021-0053", "MGASA-2021-0054", "MGASA-2021-0055", "MGASA-2021-0057", "MGASA-2021-0061", "MGASA-2021-0062", "MGASA-2021-0064", "MGASA-2021-0135", "MGASA-2021-0150", "MGASA-2021-0151", "MGASA-2021-0152", "MGASA-2021-0154", "MGASA-2021-0155", "MGASA-2021-0165", "MGASA-2021-0220", "MGASA-2021-0289", "MGASA-2021-0297", "MGASA-2021-0303", "MGASA-2021-0304", "MGASA-2021-0317", "MGASA-2021-0318", "MGASA-2021-0327"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:6942FE07F44A0622B6AB06B075B5E435"]}, {"type": "mscve", "idList": ["MS:CVE-2020-8927"]}, {"type": "nessus", "idList": ["AIX_IJ26985.NASL", "AIX_IJ26986.NASL", "AIX_IJ33276.NASL", "AIX_IJ33277.NASL", "AIX_IJ33278.NASL", "AIX_IJ33279.NASL", "AL2_ALAS-2020-1405.NASL", "AL2_ALAS-2020-1505.NASL", "AL2_ALAS-2021-1578.NASL", "AL2_ALAS-2021-1599.NASL", "AL2_ALAS-2021-1600.NASL", "AL2_ALAS-2021-1601.NASL", "AL2_ALAS-2021-1605.NASL", "AL2_ALAS-2021-1609.NASL", "AL2_ALAS-2021-1610.NASL", "AL2_ALAS-2021-1611.NASL", "AL2_ALAS-2021-1615.NASL", "AL2_ALAS-2021-1635.NASL", "AL2_ALAS-2021-1638.NASL", "AL2_ALAS-2021-1640.NASL", "AL2_ALAS-2021-1655.NASL", "AL2_ALAS-2021-1656.NASL", "AL2_ALAS-2021-1662.NASL", "AL2_ALAS-2021-1664.NASL", "AL2_ALAS-2021-1668.NASL", "AL2_ALAS-2021-1669.NASL", "AL2_ALAS-2021-1670.NASL", "AL2_ALAS-2021-1683.NASL", "AL2_ALAS-2021-1693.NASL", "AL2_ALAS-2022-1802.NASL", "AL2_ALAS-2022-1845.NASL", "AL2_ALAS-2022-1854.NASL", "AL2_ALASKERNEL-5_10-2022-001.NASL", "AL2_ALASKERNEL-5_10-2022-002.NASL", "AL2_ALASKERNEL-5_4-2022-020.NASL", "ALA_ALAS-2020-1360.NASL", "ALA_ALAS-2020-1444.NASL", "ALA_ALAS-2020-1454.NASL", "ALA_ALAS-2020-1471.NASL", "ALA_ALAS-2021-1471.NASL", "ALA_ALAS-2021-1480.NASL", "ALA_ALAS-2021-1484.NASL", "ALA_ALAS-2021-1498.NASL", "ALA_ALAS-2021-1500.NASL", "ALA_ALAS-2021-1504.NASL", "ALA_ALAS-2021-1508.NASL", "ALA_ALAS-2021-1511.NASL", "ALA_ALAS-2021-1518.NASL", "ALA_ALAS-2021-1526.NASL", "ALA_ALAS-2022-1593.NASL", "ALA_ALAS-2023-1743.NASL", "ALMA_LINUX_ALSA-2020-4431.NASL", "ALMA_LINUX_ALSA-2021-1093.NASL", "ALMA_LINUX_ALSA-2021-1578.NASL", "ALMA_LINUX_ALSA-2021-1581.NASL", "ALMA_LINUX_ALSA-2021-1582.NASL", "ALMA_LINUX_ALSA-2021-1585.NASL", "ALMA_LINUX_ALSA-2021-1593.NASL", "ALMA_LINUX_ALSA-2021-1597.NASL", "ALMA_LINUX_ALSA-2021-1609.NASL", "ALMA_LINUX_ALSA-2021-1610.NASL", "ALMA_LINUX_ALSA-2021-1611.NASL", "ALMA_LINUX_ALSA-2021-1620.NASL", "ALMA_LINUX_ALSA-2021-1627.NASL", "ALMA_LINUX_ALSA-2021-1631.NASL", "ALMA_LINUX_ALSA-2021-1633.NASL", "ALMA_LINUX_ALSA-2021-1675.NASL", "ALMA_LINUX_ALSA-2021-1678.NASL", "ALMA_LINUX_ALSA-2021-1702.NASL", "ALMA_LINUX_ALSA-2021-1968.NASL", "ALMA_LINUX_ALSA-2021-1989.NASL", "ALMA_LINUX_ALSA-2021-2168.NASL", "ALMA_LINUX_ALSA-2021-2170.NASL", "ALMA_LINUX_ALSA-2021-3572.NASL", "ALMA_LINUX_ALSA-2021-4226.NASL", "ALMA_LINUX_ALSA-2021-4526.NASL", "BIND9_91712_CVE-2021-25215.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS8_RHSA-2020-5493.NASL", "CENTOS8_RHSA-2021-1093.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2021-1581.NASL", "CENTOS8_RHSA-2021-1582.NASL", "CENTOS8_RHSA-2021-1585.NASL", "CENTOS8_RHSA-2021-1593.NASL", "CENTOS8_RHSA-2021-1597.NASL", "CENTOS8_RHSA-2021-1609.NASL", "CENTOS8_RHSA-2021-1610.NASL", "CENTOS8_RHSA-2021-1611.NASL", "CENTOS8_RHSA-2021-1620.NASL", "CENTOS8_RHSA-2021-1627.NASL", "CENTOS8_RHSA-2021-1631.NASL", "CENTOS8_RHSA-2021-1633.NASL", "CENTOS8_RHSA-2021-1675.NASL", "CENTOS8_RHSA-2021-1678.NASL", "CENTOS8_RHSA-2021-1702.NASL", "CENTOS8_RHSA-2021-1746.NASL", "CENTOS8_RHSA-2021-1761.NASL", "CENTOS8_RHSA-2021-1853.NASL", "CENTOS8_RHSA-2021-1879.NASL", "CENTOS8_RHSA-2021-1968.NASL", "CENTOS8_RHSA-2021-2170.NASL", "CENTOS8_RHSA-2021-3572.NASL", "CENTOS8_RHSA-2021-4151.NASL", "CENTOS8_RHSA-2021-4162.NASL", "CENTOS8_RHSA-2021-4226.NASL", "CENTOS8_RHSA-2021-4526.NASL", "CENTOS_RHSA-2020-3908.NASL", "CENTOS_RHSA-2021-0343.NASL", "CENTOS_RHSA-2021-0348.NASL", "CENTOS_RHSA-2021-1469.NASL", "CENTOS_RHSA-2021-2147.NASL", "CENTOS_RHSA-2021-2314.NASL", "CENTOS_RHSA-2022-5235.NASL", "CLOUDBEES_SECURITY_ADVISORY_2021-04-07.NASL", "CLOUDBEES_SECURITY_ADVISORY_2021-04-20.NASL", "DEBIAN_DLA-1600.NASL", "DEBIAN_DLA-1981.NASL", "DEBIAN_DLA-2221.NASL", "DEBIAN_DLA-2241.NASL", "DEBIAN_DLA-2242.NASL", "DEBIAN_DLA-2369.NASL", "DEBIAN_DLA-2382.NASL", "DEBIAN_DLA-2437.NASL", "DEBIAN_DLA-2456.NASL", "DEBIAN_DLA-2476.NASL", "DEBIAN_DLA-2500.NASL", "DEBIAN_DLA-2513.NASL", "DEBIAN_DLA-2556.NASL", "DEBIAN_DLA-2557.NASL", "DEBIAN_DLA-2569.NASL", "DEBIAN_DLA-2576.NASL", "DEBIAN_DLA-2586.NASL", "DEBIAN_DLA-2591.NASL", "DEBIAN_DLA-2592.NASL", "DEBIAN_DLA-2610.NASL", "DEBIAN_DLA-2619.NASL", "DEBIAN_DLA-2628.NASL", "DEBIAN_DLA-2647.NASL", "DEBIAN_DLA-2652.NASL", "DEBIAN_DLA-2686.NASL", "DEBIAN_DLA-2919.NASL", "DEBIAN_DLA-3044.NASL", "DEBIAN_DLA-3152.NASL", "DEBIAN_DLA-3164.NASL", "DEBIAN_DLA-3205.NASL", "DEBIAN_DLA-3380.NASL", "DEBIAN_DLA-3432.NASL", "DEBIAN_DLA-3445.NASL", "DEBIAN_DSA-4360.NASL", "DEBIAN_DSA-4428.NASL", "DEBIAN_DSA-4698.NASL", "DEBIAN_DSA-4782.NASL", "DEBIAN_DSA-4795.NASL", "DEBIAN_DSA-4801.NASL", "DEBIAN_DSA-4822.NASL", "DEBIAN_DSA-4843.NASL", "DEBIAN_DSA-4848.NASL", "DEBIAN_DSA-4881.NASL", "DEBIAN_DSA-4909.NASL", "EULEROS_SA-2019-1111.NASL", "EULEROS_SA-2019-1135.NASL", "EULEROS_SA-2019-1260.NASL", "EULEROS_SA-2019-1344.NASL", "EULEROS_SA-2019-1552.NASL", "EULEROS_SA-2019-1599.NASL", "EULEROS_SA-2019-1648.NASL", "EULEROS_SA-2019-1661.NASL", "EULEROS_SA-2019-1703.NASL", "EULEROS_SA-2019-1808.NASL", "EULEROS_SA-2019-1923.NASL", "EULEROS_SA-2019-1973.NASL", "EULEROS_SA-2019-2014.NASL", "EULEROS_SA-2019-2030.NASL", "EULEROS_SA-2019-2379.NASL", "EULEROS_SA-2019-2687.NASL", "EULEROS_SA-2020-1002.NASL", "EULEROS_SA-2020-1056.NASL", "EULEROS_SA-2020-1226.NASL", "EULEROS_SA-2020-1292.NASL", "EULEROS_SA-2020-1308.NASL", "EULEROS_SA-2020-1342.NASL", "EULEROS_SA-2020-1375.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1488.NASL", "EULEROS_SA-2020-1522.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1630.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-1737.NASL", "EULEROS_SA-2020-1820.NASL", "EULEROS_SA-2020-1827.NASL", "EULEROS_SA-2020-1842.NASL", "EULEROS_SA-2020-1894.NASL", "EULEROS_SA-2020-1908.NASL", "EULEROS_SA-2020-1930.NASL", "EULEROS_SA-2020-1943.NASL", "EULEROS_SA-2020-1967.NASL", "EULEROS_SA-2020-1987.NASL", "EULEROS_SA-2020-2031.NASL", "EULEROS_SA-2020-2059.NASL", "EULEROS_SA-2020-2061.NASL", "EULEROS_SA-2020-2085.NASL", "EULEROS_SA-2020-2122.NASL", "EULEROS_SA-2020-2154.NASL", "EULEROS_SA-2020-2160.NASL", "EULEROS_SA-2020-2163.NASL", "EULEROS_SA-2020-2168.NASL", "EULEROS_SA-2020-2172.NASL", "EULEROS_SA-2020-2173.NASL", "EULEROS_SA-2020-2178.NASL", "EULEROS_SA-2020-2182.NASL", "EULEROS_SA-2020-2216.NASL", "EULEROS_SA-2020-2279.NASL", "EULEROS_SA-2020-2289.NASL", "EULEROS_SA-2020-2301.NASL", "EULEROS_SA-2020-2317.NASL", "EULEROS_SA-2020-2318.NASL", "EULEROS_SA-2020-2337.NASL", "EULEROS_SA-2020-2366.NASL", "EULEROS_SA-2020-2380.NASL", "EULEROS_SA-2020-2388.NASL", "EULEROS_SA-2020-2398.NASL", "EULEROS_SA-2020-2402.NASL", "EULEROS_SA-2020-2419.NASL", "EULEROS_SA-2020-2437.NASL", "EULEROS_SA-2020-2453.NASL", "EULEROS_SA-2020-2459.NASL", "EULEROS_SA-2020-2478.NASL", "EULEROS_SA-2020-2487.NASL", "EULEROS_SA-2020-2489.NASL", "EULEROS_SA-2020-2500.NASL", "EULEROS_SA-2020-2502.NASL", "EULEROS_SA-2020-2508.NASL", "EULEROS_SA-2020-2527.NASL", "EULEROS_SA-2020-2528.NASL", "EULEROS_SA-2020-2572.NASL", "EULEROS_SA-2021-1003.NASL", "EULEROS_SA-2021-1010.NASL", "EULEROS_SA-2021-1013.NASL", "EULEROS_SA-2021-1015.NASL", "EULEROS_SA-2021-1018.NASL", "EULEROS_SA-2021-1022.NASL", "EULEROS_SA-2021-1029.NASL", "EULEROS_SA-2021-1032.NASL", "EULEROS_SA-2021-1034.NASL", "EULEROS_SA-2021-1037.NASL", "EULEROS_SA-2021-1047.NASL", "EULEROS_SA-2021-1051.NASL", "EULEROS_SA-2021-1063.NASL", "EULEROS_SA-2021-1080.NASL", "EULEROS_SA-2021-1093.NASL", "EULEROS_SA-2021-1102.NASL", "EULEROS_SA-2021-1103.NASL", "EULEROS_SA-2021-1105.NASL", "EULEROS_SA-2021-1114.NASL", "EULEROS_SA-2021-1137.NASL", "EULEROS_SA-2021-1142.NASL", "EULEROS_SA-2021-1149.NASL", "EULEROS_SA-2021-1150.NASL", "EULEROS_SA-2021-1157.NASL", "EULEROS_SA-2021-1161.NASL", "EULEROS_SA-2021-1174.NASL", "EULEROS_SA-2021-1176.NASL", "EULEROS_SA-2021-1226.NASL", "EULEROS_SA-2021-1258.NASL", "EULEROS_SA-2021-1277.NASL", "EULEROS_SA-2021-1287.NASL", "EULEROS_SA-2021-1299.NASL", "EULEROS_SA-2021-1312.NASL", "EULEROS_SA-2021-1333.NASL", "EULEROS_SA-2021-1337.NASL", "EULEROS_SA-2021-1340.NASL", "EULEROS_SA-2021-1350.NASL", "EULEROS_SA-2021-1382.NASL", "EULEROS_SA-2021-1386.NASL", "EULEROS_SA-2021-1394.NASL", "EULEROS_SA-2021-1397.NASL", "EULEROS_SA-2021-1399.NASL", "EULEROS_SA-2021-1401.NASL", "EULEROS_SA-2021-1403.NASL", "EULEROS_SA-2021-1410.NASL", "EULEROS_SA-2021-1412.NASL", "EULEROS_SA-2021-1414.NASL", "EULEROS_SA-2021-1415.NASL", "EULEROS_SA-2021-1416.NASL", "EULEROS_SA-2021-1417.NASL", "EULEROS_SA-2021-1419.NASL", "EULEROS_SA-2021-1425.NASL", "EULEROS_SA-2021-1426.NASL", "EULEROS_SA-2021-1449.NASL", "EULEROS_SA-2021-1466.NASL", "EULEROS_SA-2021-1477.NASL", "EULEROS_SA-2021-1487.NASL", "EULEROS_SA-2021-1495.NASL", "EULEROS_SA-2021-1502.NASL", "EULEROS_SA-2021-1503.NASL", "EULEROS_SA-2021-1507.NASL", "EULEROS_SA-2021-1512.NASL", "EULEROS_SA-2021-1522.NASL", "EULEROS_SA-2021-1523.NASL", "EULEROS_SA-2021-1534.NASL", "EULEROS_SA-2021-1537.NASL", "EULEROS_SA-2021-1543.NASL", "EULEROS_SA-2021-1544.NASL", "EULEROS_SA-2021-1548.NASL", "EULEROS_SA-2021-1553.NASL", "EULEROS_SA-2021-1555.NASL", "EULEROS_SA-2021-1560.NASL", "EULEROS_SA-2021-1562.NASL", "EULEROS_SA-2021-1563.NASL", "EULEROS_SA-2021-1568.NASL", "EULEROS_SA-2021-1574.NASL", "EULEROS_SA-2021-1578.NASL", "EULEROS_SA-2021-1579.NASL", "EULEROS_SA-2021-1596.NASL", "EULEROS_SA-2021-1605.NASL", "EULEROS_SA-2021-1610.NASL", "EULEROS_SA-2021-1615.NASL", "EULEROS_SA-2021-1618.NASL", "EULEROS_SA-2021-1620.NASL", "EULEROS_SA-2021-1621.NASL", "EULEROS_SA-2021-1623.NASL", "EULEROS_SA-2021-1626.NASL", "EULEROS_SA-2021-1628.NASL", "EULEROS_SA-2021-1629.NASL", "EULEROS_SA-2021-1634.NASL", "EULEROS_SA-2021-1636.NASL", "EULEROS_SA-2021-1638.NASL", "EULEROS_SA-2021-1640.NASL", "EULEROS_SA-2021-1641.NASL", "EULEROS_SA-2021-1645.NASL", "EULEROS_SA-2021-1649.NASL", "EULEROS_SA-2021-1659.NASL", "EULEROS_SA-2021-1661.NASL", "EULEROS_SA-2021-1665.NASL", "EULEROS_SA-2021-1672.NASL", "EULEROS_SA-2021-1676.NASL", "EULEROS_SA-2021-1685.NASL", "EULEROS_SA-2021-1693.NASL", "EULEROS_SA-2021-1697.NASL", "EULEROS_SA-2021-1709.NASL", "EULEROS_SA-2021-1711.NASL", "EULEROS_SA-2021-1712.NASL", "EULEROS_SA-2021-1713.NASL", "EULEROS_SA-2021-1715.NASL", "EULEROS_SA-2021-1722.NASL", "EULEROS_SA-2021-1724.NASL", "EULEROS_SA-2021-1737.NASL", "EULEROS_SA-2021-1738.NASL", "EULEROS_SA-2021-1747.NASL", "EULEROS_SA-2021-1750.NASL", "EULEROS_SA-2021-1751.NASL", "EULEROS_SA-2021-1759.NASL", "EULEROS_SA-2021-1789.NASL", "EULEROS_SA-2021-1790.NASL", "EULEROS_SA-2021-1835.NASL", "EULEROS_SA-2021-1857.NASL", "EULEROS_SA-2021-1868.NASL", "EULEROS_SA-2021-1871.NASL", "EULEROS_SA-2021-1872.NASL", "EULEROS_SA-2021-1874.NASL", "EULEROS_SA-2021-1879.NASL", "EULEROS_SA-2021-1886.NASL", "EULEROS_SA-2021-1898.NASL", "EULEROS_SA-2021-1899.NASL", "EULEROS_SA-2021-1901.NASL", "EULEROS_SA-2021-1911.NASL", "EULEROS_SA-2021-1921.NASL", "EULEROS_SA-2021-1924.NASL", "EULEROS_SA-2021-1925.NASL", "EULEROS_SA-2021-1926.NASL", "EULEROS_SA-2021-1929.NASL", "EULEROS_SA-2021-1936.NASL", "EULEROS_SA-2021-1942.NASL", "EULEROS_SA-2021-1945.NASL", "EULEROS_SA-2021-1946.NASL", "EULEROS_SA-2021-1947.NASL", "EULEROS_SA-2021-1950.NASL", "EULEROS_SA-2021-1957.NASL", "EULEROS_SA-2021-1967.NASL", "EULEROS_SA-2021-1975.NASL", "EULEROS_SA-2021-1983.NASL", "EULEROS_SA-2021-1997.NASL", "EULEROS_SA-2021-1999.NASL", "EULEROS_SA-2021-2000.NASL", "EULEROS_SA-2021-2002.NASL", "EULEROS_SA-2021-2007.NASL", "EULEROS_SA-2021-2013.NASL", "EULEROS_SA-2021-2022.NASL", "EULEROS_SA-2021-2028.NASL", "EULEROS_SA-2021-2030.NASL", "EULEROS_SA-2021-2034.NASL", "EULEROS_SA-2021-2040.NASL", "EULEROS_SA-2021-2062.NASL", "EULEROS_SA-2021-2075.NASL", "EULEROS_SA-2021-2076.NASL", "EULEROS_SA-2021-2092.NASL", "EULEROS_SA-2021-2096.NASL", "EULEROS_SA-2021-2101.NASL", "EULEROS_SA-2021-2117.NASL", "EULEROS_SA-2021-2124.NASL", "EULEROS_SA-2021-2132.NASL", "EULEROS_SA-2021-2136.NASL", "EULEROS_SA-2021-2141.NASL", "EULEROS_SA-2021-2150.NASL", "EULEROS_SA-2021-2152.NASL", "EULEROS_SA-2021-2155.NASL", "EULEROS_SA-2021-2157.NASL", "EULEROS_SA-2021-2159.NASL", "EULEROS_SA-2021-2169.NASL", "EULEROS_SA-2021-2171.NASL", "EULEROS_SA-2021-2172.NASL", "EULEROS_SA-2021-2175.NASL", "EULEROS_SA-2021-2180.NASL", "EULEROS_SA-2021-2194.NASL", "EULEROS_SA-2021-2210.NASL", "EULEROS_SA-2021-2216.NASL", "EULEROS_SA-2021-2236.NASL", "EULEROS_SA-2021-2259.NASL", "EULEROS_SA-2021-2262.NASL", "EULEROS_SA-2021-2285.NASL", "EULEROS_SA-2021-2318.NASL", "EULEROS_SA-2021-2320.NASL", "EULEROS_SA-2021-2351.NASL", "EULEROS_SA-2021-2354.NASL", "EULEROS_SA-2021-2373.NASL", "EULEROS_SA-2021-2374.NASL", "EULEROS_SA-2021-2392.NASL", "EULEROS_SA-2021-2427.NASL", "EULEROS_SA-2021-2436.NASL", "EULEROS_SA-2021-2485.NASL", "EULEROS_SA-2021-2502.NASL", "EULEROS_SA-2021-2541.NASL", "EULEROS_SA-2021-2565.NASL", "EULEROS_SA-2021-2572.NASL", "EULEROS_SA-2021-2588.NASL", "EULEROS_SA-2021-2620.NASL", "EULEROS_SA-2021-2857.NASL", "EULEROS_SA-2021-2867.NASL", "EULEROS_SA-2021-2869.NASL", "EULEROS_SA-2021-2875.NASL", "EULEROS_SA-2021-2909.NASL", "EULEROS_SA-2022-1100.NASL", "EULEROS_SA-2022-1109.NASL", "EULEROS_SA-2022-1150.NASL", "EULEROS_SA-2022-1155.NASL", "EULEROS_SA-2022-1265.NASL", "EULEROS_SA-2022-1688.NASL", "EULEROS_SA-2022-1711.NASL", "EULEROS_SA-2022-2274.NASL", "EULEROS_SA-2022-2294.NASL", "EULEROS_SA-2022-2323.NASL", "EULEROS_SA-2022-2350.NASL", "EULEROS_SA-2022-2386.NASL", "EULEROS_SA-2022-2491.NASL", "EULEROS_SA-2022-2511.NASL", "EULEROS_SA-2022-2724.NASL", "EULEROS_SA-2022-2759.NASL", "EULEROS_SA-2022-2817.NASL", "EULEROS_SA-2022-2826.NASL", "EULEROS_SA-2022-2842.NASL", "EULEROS_SA-2022-2851.NASL", "EULEROS_SA-2023-1007.NASL", "EULEROS_SA-2023-1032.NASL", "EULEROS_SA-2023-1055.NASL", "EULEROS_SA-2023-1107.NASL", "EULEROS_SA-2023-1131.NASL", "EULEROS_SA-2023-1144.NASL", "EULEROS_SA-2023-1150.NASL", "EULEROS_SA-2023-1165.NASL", "EULEROS_SA-2023-1171.NASL", "EULEROS_SA-2023-1188.NASL", "EULEROS_SA-2023-1218.NASL", "EULEROS_SA-2023-1244.NASL", "EULEROS_SA-2023-1299.NASL", "EULEROS_SA-2023-1627.NASL", "EULEROS_SA-2023-1661.NASL", "EULEROS_SA-2023-1713.NASL", "EULEROS_SA-2023-1734.NASL", "EULEROS_SA-2023-2035.NASL", "EULEROS_SA-2023-2087.NASL", "F5_BIGIP_SOL08641512.NASL", "F5_BIGIP_SOL15402727.NASL", "F5_BIGIP_SOL40508224.NASL", "F5_BIGIP_SOL44945790.NASL", "F5_BIGIP_SOL52494142.NASL", "F5_BIGIP_SOL61186963.NASL", "F5_BIGIP_SOL63525058.NASL", "F5_BIGIP_SOL68251873.NASL", "F5_BIGIP_SOL96223611.NASL", "FEDORA_2019-3FA5DB9E19.NASL", "FEDORA_2020-0477F8840E.NASL", "FEDORA_2020-0DF38B2843.NASL", "FEDORA_2020-126A0DD319.NASL", "FEDORA_2020-20AB468A33.NASL", "FEDORA_2020-221823EBDD.NASL", "FEDORA_2020-22D278923A.NASL", "FEDORA_2020-27B577AB23.NASL", "FEDORA_2020-2FAF839786.NASL", "FEDORA_2020-32193CBBE6.NASL", "FEDORA_2020-35087800BE.NASL", "FEDORA_2020-4021BF2AE8.NASL", "FEDORA_2020-62D2FF9FA8.NASL", "FEDORA_2020-7773C53BC8.NASL", "FEDORA_2020-7AB62C73BC.NASL", "FEDORA_2020-7DD29DACAD.NASL", "FEDORA_2020-864922E78A.NASL", "FEDORA_2020-887D3FA26F.NASL", "FEDORA_2020-9336B65F82.NASL", "FEDORA_2020-935F62C3D9.NASL", "FEDORA_2020-A857113C7A.NASL", "FEDORA_2020-AB3DACE708.NASL", "FEDORA_2020-B60DBDD538.NASL", "FEDORA_2020-B6AAF25741.NASL", "FEDORA_2020-BB91BF9B8E.NASL", "FEDORA_2020-BC9A739F0C.NASL", "FEDORA_2020-C663FBC46C.NASL", "FEDORA_2020-C76A35B209.NASL", "FEDORA_2020-CEAF490686.NASL", "FEDORA_2020-D30881C970.NASL", "FEDORA_2020-D42CB01973.NASL", "FEDORA_2020-DA832CB434.NASL", "FEDORA_2020-E21BD401AD.NASL", "FEDORA_2020-E33ACDEA18.NASL", "FEDORA_2020-E971480183.NASL", "FEDORA_2020-F29254BD5E.NASL", "FEDORA_2020-FD73C08076.NASL", "FEDORA_2020-FF317550E4.NASL", "FEDORA_2021-076A2DCCBA.NASL", "FEDORA_2021-17668E344A.NASL", "FEDORA_2021-1BB399A5AF.NASL", "FEDORA_2021-2897F5366C.NASL", "FEDORA_2021-309BC2E727.NASL", "FEDORA_2021-3352C1C802.NASL", "FEDORA_2021-42BA9FEB47.NASL", "FEDORA_2021-66547FF92D.NASL", "FEDORA_2021-6E581C051A.NASL", "FEDORA_2021-6E805A5051.NASL", "FEDORA_2021-6FEB090C97.NASL", "FEDORA_2021-7547AD987F.NASL", "FEDORA_2021-7C1BB32D13.NASL", "FEDORA_2021-7C71CDA8DA.NASL", "FEDORA_2021-7D3A9004E2.NASL", "FEDORA_2021-851C6E4E2D.NASL", "FEDORA_2021-879C756377.NASL", "FEDORA_2021-907F3BACAE.NASL", "FEDORA_2021-9503FFFAD9.NASL", "FEDORA_2021-B1843407CA.NASL", "FEDORA_2021-B326FCB83F.NASL", "FEDORA_2021-B76EDE8F4D.NASL", "FEDORA_2021-CC3FF94CFC.NASL", "FEDORA_2021-CED31F3F0C.NASL", "FEDORA_2021-D5CDE50865.NASL", "FEDORA_2021-E3A5A74610.NASL", "FEDORA_2021-E435A8BB88.NASL", "FEDORA_2021-E49DA8A226.NASL", "FEDORA_2021-EF83E8525A.NASL", "FEDORA_2021-F4FD9372C7.NASL", "FEDORA_2021-FAF88B9499.NASL", "FREEBSD_PKG_0E38B8F875DD11EB83F28C164567CA3C.NASL", "FREEBSD_PKG_388EBB5B3C9511EB929DD4C9EF517024.NASL", "FREEBSD_PKG_3C77F1393A0911EB929DD4C9EF517024.NASL", "FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL", "FREEBSD_PKG_6A4805D55AAF11EBA21D79F5BC5EF6A9.NASL", "FREEBSD_PKG_9595D002EDEB4602BE2D791CD654247E.NASL", "FREEBSD_PKG_B905DFF4E22711EAB0EA08002728F74C.NASL", "FREEBSD_PKG_C4AC9C79AB3711EA8B5EB42E99A1B9C3.NASL", "FREEBSD_PKG_DB4B2F27252A11EB865C00155D646400.NASL", "FREEBSD_PKG_E358B470B37D4E47BC8A2CD9ADBEB63C.NASL", "FREEBSD_PKG_E37A0A7BE1A711EA95380C9D925BBBC0.NASL", "FREEBSD_PKG_F59AF30807F311EA8C56F8B156B6DCC8.NASL", "FREEBSD_PKG_F5ABAFC0FCF611EA8758E0D55E2A8BF9.NASL", "FREEBSD_PKG_FDC499723CA711EB929DD4C9EF517024.NASL", "GENTOO_GLSA-201908-11.NASL", "GENTOO_GLSA-202006-03.NASL", "GENTOO_GLSA-202006-04.NASL", "GENTOO_GLSA-202007-26.NASL", "GENTOO_GLSA-202011-17.NASL", "GENTOO_GLSA-202012-14.NASL", "GENTOO_GLSA-202012-21.NASL", "GENTOO_GLSA-202101-18.NASL", "GENTOO_GLSA-202101-20.NASL", "GENTOO_GLSA-202101-38.NASL", "GENTOO_GLSA-202103-02.NASL", "GENTOO_GLSA-202104-04.NASL", "GENTOO_GLSA-202107-05.NASL", "GENTOO_GLSA-202107-07.NASL", "GENTOO_GLSA-202107-13.NASL", "GENTOO_GLSA-202208-02.NASL", "IBM_COGNOS_6615285.NASL", "JENKINS_2_286.NASL", "JENKINS_2_287.NASL", "JUNIPER_JSA11207.NASL", "JUNIPER_JSA69705.NASL", "MACOS_HT211931.NASL", "MACOS_HT212147.NASL", "MACOS_HT212325.NASL", "MACOS_HT212326.NASL", "MACOS_HT212327.NASL", "MACOS_MS22_APR_VISUAL_STUDIO.NASL", "MYSQL_8_0_24.NASL", "NEWSTART_CGSL_NS-SA-2021-0043_CPIO.NASL", "NEWSTART_CGSL_NS-SA-2021-0053_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2021-0095_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0099_PERL.NASL", "NEWSTART_CGSL_NS-SA-2021-0106_BIND.NASL", "NEWSTART_CGSL_NS-SA-2021-0114_OPENLDAP.NASL", "NEWSTART_CGSL_NS-SA-2021-0130_PYTHON-URLLIB3.NASL", "NEWSTART_CGSL_NS-SA-2021-0134_PERL.NASL", "NEWSTART_CGSL_NS-SA-2021-0169_CPIO.NASL", "NEWSTART_CGSL_NS-SA-2021-0180_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2021-0184_PERL.NASL", "NEWSTART_CGSL_NS-SA-2022-0005_NSS.NASL", "NEWSTART_CGSL_NS-SA-2022-0006_GLIB2.NASL", "NEWSTART_CGSL_NS-SA-2022-0008_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0010_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0026_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0028_BIND.NASL", "NEWSTART_CGSL_NS-SA-2022-0030_NSS.NASL", "NEWSTART_CGSL_NS-SA-2022-0031_GLIB2.NASL", "NEWSTART_CGSL_NS-SA-2022-0035_OPENLDAP.NASL", "NEWSTART_CGSL_NS-SA-2022-0044_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0049_PYTHON3.NASL", "NEWSTART_CGSL_NS-SA-2022-0050_LIBXML2.NASL", "NEWSTART_CGSL_NS-SA-2022-0051_BIND.NASL", "NEWSTART_CGSL_NS-SA-2022-0052_SQLITE.NASL", "NEWSTART_CGSL_NS-SA-2022-0053_GLIB2.NASL", "NEWSTART_CGSL_NS-SA-2022-0055_SYSTEMD.NASL", "NEWSTART_CGSL_NS-SA-2022-0056_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0057_KRB5.NASL", "NEWSTART_CGSL_NS-SA-2022-0059_CPIO.NASL", "NEWSTART_CGSL_NS-SA-2022-0059_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0063_LINUX-FIRMWARE.NASL", "NEWSTART_CGSL_NS-SA-2022-0064_UNBOUND.NASL", "NEWSTART_CGSL_NS-SA-2022-0066_P11-KIT.NASL", "NEWSTART_CGSL_NS-SA-2022-0066_TROUSERS.NASL", "NEWSTART_CGSL_NS-SA-2022-0078_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2022-0083_CURL.NASL", "NEWSTART_CGSL_NS-SA-2022-0085_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2022-0092_LIBARCHIVE.NASL", "NEWSTART_CGSL_NS-SA-2022-0098_NSS.NASL", "NEWSTART_CGSL_NS-SA-2022-0102_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2023-0008_PYTHON.NASL", "NNM_6_2_2.NASL", "NUTANIX_NXSA-AHV-20201105_1021.NASL", "NUTANIX_NXSA-AHV-20201105_1082.NASL", "NUTANIX_NXSA-AHV-20201105_2076.NASL", "NUTANIX_NXSA-AHV-20201105_2175.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "NUTANIX_NXSA-AHV-20220304_242.NASL", "NUTANIX_NXSA-AHV-20230302_207.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_15_5_5.NASL", "NUTANIX_NXSA-AOS-5_15_6.NASL", "NUTANIX_NXSA-AOS-5_15_7.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "NUTANIX_NXSA-AOS-5_19_1_5.NASL", "NUTANIX_NXSA-AOS-5_19_2.NASL", "NUTANIX_NXSA-AOS-5_20.NASL", "NUTANIX_NXSA-AOS-5_20_1.NASL", "NUTANIX_NXSA-AOS-5_20_2.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_0.NASL", "NUTANIX_NXSA-AOS-6_0_1.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_5_1_5.NASL", "NUTANIX_NXSA-AOS-6_5_2.NASL", "NUTANIX_NXSA-AOS-6_6.NASL", "OPENSUSE-2018-1365.NASL", "OPENSUSE-2018-1366.NASL", "OPENSUSE-2019-1450.NASL", "OPENSUSE-2019-1798.NASL", "OPENSUSE-2019-2593.NASL", "OPENSUSE-2019-2596.NASL", "OPENSUSE-2019-888.NASL", "OPENSUSE-2020-1345.NASL", "OPENSUSE-2020-1359.NASL", "OPENSUSE-2020-1430.NASL", "OPENSUSE-2020-1465.NASL", "OPENSUSE-2020-1494.NASL", "OPENSUSE-2020-1578.NASL", "OPENSUSE-2020-1859.NASL", "OPENSUSE-2020-1918.NASL", "OPENSUSE-2020-1920.NASL", "OPENSUSE-2020-1988.NASL", "OPENSUSE-2020-2037.NASL", "OPENSUSE-2020-2047.NASL", "OPENSUSE-2020-2062.NASL", "OPENSUSE-2020-2067.NASL", "OPENSUSE-2020-2139.NASL", "OPENSUSE-2020-2222.NASL", "OPENSUSE-2020-2237.NASL", "OPENSUSE-2020-2238.NASL", "OPENSUSE-2020-2249.NASL", "OPENSUSE-2020-2282.NASL", "OPENSUSE-2020-2332.NASL", "OPENSUSE-2020-2333.NASL", "OPENSUSE-2020-336.NASL", "OPENSUSE-2020-850.NASL", "OPENSUSE-2021-1058.NASL", "OPENSUSE-2021-1130.NASL", "OPENSUSE-2021-1206.NASL", "OPENSUSE-2021-1611.NASL", "OPENSUSE-2021-1826.NASL", "OPENSUSE-2021-190.NASL", "OPENSUSE-2021-192.NASL", "OPENSUSE-2021-194.NASL", "OPENSUSE-2021-1975.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-2005.NASL", "OPENSUSE-2021-2320.NASL", "OPENSUSE-2021-241.NASL", "OPENSUSE-2021-2575.NASL", "OPENSUSE-2021-2637.NASL", "OPENSUSE-2021-270.NASL", "OPENSUSE-2021-2795.NASL", "OPENSUSE-2021-2817.NASL", "OPENSUSE-2021-331.NASL", "OPENSUSE-2021-358.NASL", "OPENSUSE-2021-393.NASL", "OPENSUSE-2021-3942.NASL", "OPENSUSE-2021-406.NASL", "OPENSUSE-2021-407.NASL", "OPENSUSE-2021-4154.NASL", "OPENSUSE-2021-435.NASL", "OPENSUSE-2021-532.NASL", "OPENSUSE-2021-668.NASL", "OPENSUSE-2021-682.NASL", "OPENSUSE-2021-758.NASL", "OPENSUSE-2022-0176-1.NASL", "ORACLELINUX_ELSA-2020-3908.NASL", "ORACLELINUX_ELSA-2020-4431.NASL", "ORACLELINUX_ELSA-2020-5493.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2021-0343.NASL", "ORACLELINUX_ELSA-2021-0348.NASL", "ORACLELINUX_ELSA-2021-1093.NASL", "ORACLELINUX_ELSA-2021-1384.NASL", "ORACLELINUX_ELSA-2021-1389.NASL", "ORACLELINUX_ELSA-2021-1469.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-1581.NASL", "ORACLELINUX_ELSA-2021-1582.NASL", "ORACLELINUX_ELSA-2021-1585.NASL", "ORACLELINUX_ELSA-2021-1593.NASL", "ORACLELINUX_ELSA-2021-1597.NASL", "ORACLELINUX_ELSA-2021-1609.NASL", "ORACLELINUX_ELSA-2021-1610.NASL", "ORACLELINUX_ELSA-2021-1611.NASL", "ORACLELINUX_ELSA-2021-1627.NASL", "ORACLELINUX_ELSA-2021-1631.NASL", "ORACLELINUX_ELSA-2021-1633.NASL", "ORACLELINUX_ELSA-2021-1675.NASL", "ORACLELINUX_ELSA-2021-1678.NASL", "ORACLELINUX_ELSA-2021-1702.NASL", "ORACLELINUX_ELSA-2021-1746.NASL", "ORACLELINUX_ELSA-2021-1761.NASL", "ORACLELINUX_ELSA-2021-1853.NASL", "ORACLELINUX_ELSA-2021-1879.NASL", "ORACLELINUX_ELSA-2021-1989.NASL", "ORACLELINUX_ELSA-2021-2147.NASL", "ORACLELINUX_ELSA-2021-2168.NASL", "ORACLELINUX_ELSA-2021-2170.NASL", "ORACLELINUX_ELSA-2021-2314.NASL", "ORACLELINUX_ELSA-2021-3572.NASL", "ORACLELINUX_ELSA-2021-4151.NASL", "ORACLELINUX_ELSA-2021-4162.NASL", "ORACLELINUX_ELSA-2021-4226.NASL", "ORACLELINUX_ELSA-2021-9084.NASL", "ORACLELINUX_ELSA-2021-9085.NASL", "ORACLELINUX_ELSA-2021-9086.NASL", "ORACLELINUX_ELSA-2021-9087.NASL", "ORACLELINUX_ELSA-2021-9100.NASL", "ORACLELINUX_ELSA-2021-9101.NASL", "ORACLELINUX_ELSA-2021-9107.NASL", "ORACLELINUX_ELSA-2021-9128.NASL", "ORACLELINUX_ELSA-2021-9129.NASL", "ORACLELINUX_ELSA-2021-9130.NASL", "ORACLELINUX_ELSA-2021-9140.NASL", "ORACLELINUX_ELSA-2021-9141.NASL", "ORACLELINUX_ELSA-2021-9213.NASL", "ORACLELINUX_ELSA-2021-9222.NASL", "ORACLELINUX_ELSA-2021-9223.NASL", "ORACLELINUX_ELSA-2021-9238.NASL", "ORACLELINUX_ELSA-2021-9280.NASL", "ORACLELINUX_ELSA-2021-9294.NASL", "ORACLELINUX_ELSA-2021-9318.NASL", "ORACLELINUX_ELSA-2021-9344.NASL", "ORACLELINUX_ELSA-2021-9434.NASL", "ORACLELINUX_ELSA-2022-0827.NASL", "ORACLELINUX_ELSA-2022-0830.NASL", "ORACLELINUX_ELSA-2022-5235.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2021-0019.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_APR_2021.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_JAN_2022.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_JAN_2022_UI.NASL", "ORACLE_HTTP_SERVER_CPU_APR_2022.NASL", "ORACLE_RDBMS_CPU_JAN_2021.NASL", "ORACLE_RDBMS_CPU_JAN_2023.NASL", "ORACLE_RDBMS_CPU_JAN_2023_WIN.NASL", "ORACLE_RDBMS_CPU_JUL_2021.NASL", "PHOTONOS_PHSA-2019-1_0-0228_SYSTEMD.NASL", "PHOTONOS_PHSA-2019-2_0-0153_SYSTEMD.NASL", "PHOTONOS_PHSA-2020-1_0-0267_CPIO.NASL", "PHOTONOS_PHSA-2020-1_0-0298_SQLITE.NASL", "PHOTONOS_PHSA-2020-1_0-0301_PERL.NASL", "PHOTONOS_PHSA-2020-1_0-0301_SYSTEMD.NASL", "PHOTONOS_PHSA-2020-1_0-0302_PERL.NASL", "PHOTONOS_PHSA-2020-1_0-0308_SQLITE.NASL", "PHOTONOS_PHSA-2020-1_0-0315_CURL.NASL", "PHOTONOS_PHSA-2020-1_0-0332_PYTHON3.NASL", "PHOTONOS_PHSA-2020-1_0-0338_PYTHON3.NASL", "PHOTONOS_PHSA-2020-1_0-0346_CURL.NASL", "PHOTONOS_PHSA-2020-1_0-0349_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-2_0-0202_CPIO.NASL", "PHOTONOS_PHSA-2020-2_0-0249_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0252_SYSTEMD.NASL", "PHOTONOS_PHSA-2020-2_0-0254_PERL.NASL", "PHOTONOS_PHSA-2020-2_0-0261_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0273_CURL.NASL", "PHOTONOS_PHSA-2020-2_0-0277_TROUSERS.NASL", "PHOTONOS_PHSA-2020-2_0-0285_LIBXML2.NASL", "PHOTONOS_PHSA-2020-2_0-0289_PYTHON3.NASL", "PHOTONOS_PHSA-2020-2_0-0295_PYTHON3.NASL", "PHOTONOS_PHSA-2020-2_0-0304_CURL.NASL", "PHOTONOS_PHSA-2020-3_0-0053_CPIO.NASL", "PHOTONOS_PHSA-2020-3_0-0101_SQLITE.NASL", "PHOTONOS_PHSA-2020-3_0-0103_SYSTEMD.NASL", "PHOTONOS_PHSA-2020-3_0-0104_PERL.NASL", "PHOTONOS_PHSA-2020-3_0-0113_SQLITE.NASL", "PHOTONOS_PHSA-2020-3_0-0129_CURL.NASL", "PHOTONOS_PHSA-2020-3_0-0131_TROUSERS.NASL", "PHOTONOS_PHSA-2020-3_0-0142_LIBXML2.NASL", "PHOTONOS_PHSA-2020-3_0-0155_PYTHON3.NASL", "PHOTONOS_PHSA-2020-3_0-0161_PYTHON3.NASL", "PHOTONOS_PHSA-2020-3_0-0174_CURL.NASL", "PHOTONOS_PHSA-2020-3_0-0180_OPENLDAP.NASL", "PHOTONOS_PHSA-2021-1_0-0354_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0360_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0362_UNBOUND.NASL", "PHOTONOS_PHSA-2021-1_0-0365_GLIB.NASL", "PHOTONOS_PHSA-2021-1_0-0371_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0390_UNBOUND.NASL", "PHOTONOS_PHSA-2021-1_0-0391_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0308_OPENLDAP.NASL", "PHOTONOS_PHSA-2021-2_0-0315_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0317_PYTHON3.NASL", "PHOTONOS_PHSA-2021-2_0-0320_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0320_UNBOUND.NASL", "PHOTONOS_PHSA-2021-2_0-0322_GLIB.NASL", "PHOTONOS_PHSA-2021-2_0-0322_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0327_PYTHON3.NASL", "PHOTONOS_PHSA-2021-2_0-0329_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0348_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0393_PYTHON.NASL", "PHOTONOS_PHSA-2021-3_0-0189_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0192_PYTHON3.NASL", "PHOTONOS_PHSA-2021-3_0-0193_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0197_UNBOUND.NASL", "PHOTONOS_PHSA-2021-3_0-0201_GLIB.NASL", "PHOTONOS_PHSA-2021-3_0-0214_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0236_UNBOUND.NASL", "PHOTONOS_PHSA-2021-3_0-0240_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-3_0-0246_PYTHON.NASL", "PHOTONOS_PHSA-2021-3_0-0248_GO.NASL", "PHOTONOS_PHSA-2021-3_0-0342_KRB5.NASL", "PHOTONOS_PHSA-2021-4_0-0001_GLIB.NASL", "PHOTONOS_PHSA-2021-4_0-0005_GLIBC.NASL", "PHOTONOS_PHSA-2021-4_0-0006_PERL.NASL", "PHOTONOS_PHSA-2021-4_0-0007_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0007_MYSQL.NASL", "PHOTONOS_PHSA-2021-4_0-0007_PYTHON3.NASL", "PHOTONOS_PHSA-2021-4_0-0013_GO.NASL", "PHOTONOS_PHSA-2021-4_0-0039_BINDUTILS.NASL", "PYTHON_3_9_1.NASL", "REDHAT-RHSA-2020-3908.NASL", "REDHAT-RHSA-2020-4273.NASL", "REDHAT-RHSA-2020-4285.NASL", "REDHAT-RHSA-2020-4299.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2020-5333.NASL", "REDHAT-RHSA-2020-5493.NASL", "REDHAT-RHSA-2020-5634.NASL", "REDHAT-RHSA-2021-0034.NASL", "REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0079.NASL", "REDHAT-RHSA-2021-0172.NASL", "REDHAT-RHSA-2021-0343.NASL", "REDHAT-RHSA-2021-0348.NASL", "REDHAT-RHSA-2021-0883.NASL", "REDHAT-RHSA-2021-0956.NASL", "REDHAT-RHSA-2021-0958.NASL", "REDHAT-RHSA-2021-1006.NASL", "REDHAT-RHSA-2021-1032.NASL", "REDHAT-RHSA-2021-1081.NASL", "REDHAT-RHSA-2021-1093.NASL", "REDHAT-RHSA-2021-1266.NASL", "REDHAT-RHSA-2021-1272.NASL", "REDHAT-RHSA-2021-1279.NASL", "REDHAT-RHSA-2021-1295.NASL", "REDHAT-RHSA-2021-1366.NASL", "REDHAT-RHSA-2021-1379.NASL", "REDHAT-RHSA-2021-1384.NASL", "REDHAT-RHSA-2021-1389.NASL", "REDHAT-RHSA-2021-1468.NASL", "REDHAT-RHSA-2021-1469.NASL", "REDHAT-RHSA-2021-1475.NASL", "REDHAT-RHSA-2021-1476.NASL", "REDHAT-RHSA-2021-1477.NASL", "REDHAT-RHSA-2021-1478.NASL", "REDHAT-RHSA-2021-1479.NASL", "REDHAT-RHSA-2021-1509.NASL", "REDHAT-RHSA-2021-1551.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1581.NASL", "REDHAT-RHSA-2021-1582.NASL", "REDHAT-RHSA-2021-1585.NASL", "REDHAT-RHSA-2021-1593.NASL", "REDHAT-RHSA-2021-1597.NASL", "REDHAT-RHSA-2021-1609.NASL", "REDHAT-RHSA-2021-1610.NASL", "REDHAT-RHSA-2021-1611.NASL", "REDHAT-RHSA-2021-1620.NASL", "REDHAT-RHSA-2021-1627.NASL", "REDHAT-RHSA-2021-1631.NASL", "REDHAT-RHSA-2021-1633.NASL", "REDHAT-RHSA-2021-1675.NASL", "REDHAT-RHSA-2021-1678.NASL", "REDHAT-RHSA-2021-1702.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-1746.NASL", "REDHAT-RHSA-2021-1761.NASL", "REDHAT-RHSA-2021-1853.NASL", "REDHAT-RHSA-2021-1879.NASL", "REDHAT-RHSA-2021-1968.NASL", "REDHAT-RHSA-2021-1989.NASL", "REDHAT-RHSA-2021-2024.NASL", "REDHAT-RHSA-2021-2028.NASL", "REDHAT-RHSA-2021-2099.NASL", "REDHAT-RHSA-2021-2106.NASL", "REDHAT-RHSA-2021-2147.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2165.NASL", "REDHAT-RHSA-2021-2168.NASL", "REDHAT-RHSA-2021-2169.NASL", "REDHAT-RHSA-2021-2170.NASL", "REDHAT-RHSA-2021-2171.NASL", "REDHAT-RHSA-2021-2172.NASL", "REDHAT-RHSA-2021-2173.NASL", "REDHAT-RHSA-2021-2174.NASL", "REDHAT-RHSA-2021-2175.NASL", "REDHAT-RHSA-2021-2185.NASL", "REDHAT-RHSA-2021-2190.NASL", "REDHAT-RHSA-2021-2203.NASL", "REDHAT-RHSA-2021-2204.NASL", "REDHAT-RHSA-2021-2239.NASL", "REDHAT-RHSA-2021-2285.NASL", "REDHAT-RHSA-2021-2293.NASL", "REDHAT-RHSA-2021-2314.NASL", "REDHAT-RHSA-2021-2316.NASL", "REDHAT-RHSA-2021-2355.NASL", "REDHAT-RHSA-2021-2437.NASL", "REDHAT-RHSA-2021-2467.NASL", "REDHAT-RHSA-2021-2472.NASL", "REDHAT-RHSA-2021-2519.NASL", "REDHAT-RHSA-2021-2522.NASL", "REDHAT-RHSA-2021-2523.NASL", "REDHAT-RHSA-2021-2730.NASL", "REDHAT-RHSA-2021-2731.NASL", "REDHAT-RHSA-2021-2732.NASL", "REDHAT-RHSA-2021-2733.NASL", "REDHAT-RHSA-2021-2735.NASL", "REDHAT-RHSA-2021-2792.NASL", "REDHAT-RHSA-2021-3252.NASL", "REDHAT-RHSA-2021-3254.NASL", "REDHAT-RHSA-2021-3320.NASL", "REDHAT-RHSA-2021-3366.NASL", "REDHAT-RHSA-2021-3399.NASL", "REDHAT-RHSA-2021-3522.NASL", "REDHAT-RHSA-2021-3523.NASL", "REDHAT-RHSA-2021-3572.NASL", "REDHAT-RHSA-2021-3900.NASL", "REDHAT-RHSA-2021-4151.NASL", "REDHAT-RHSA-2021-4162.NASL", "REDHAT-RHSA-2021-4226.NASL", "REDHAT-RHSA-2021-4526.NASL", "REDHAT-RHSA-2022-0073.NASL", "REDHAT-RHSA-2022-0308.NASL", "REDHAT-RHSA-2022-0632.NASL", "REDHAT-RHSA-2022-0827.NASL", "REDHAT-RHSA-2022-0828.NASL", "REDHAT-RHSA-2022-0829.NASL", "REDHAT-RHSA-2022-0830.NASL", "REDHAT-RHSA-2022-5235.NASL", "ROCKY_LINUX_RLSA-2021-1989.NASL", "ROCKY_LINUX_RLSA-2021-2168.NASL", "ROCKY_LINUX_RLSA-2021-2170.NASL", "ROCKY_LINUX_RLSA-2021-3572.NASL", "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SLACKWARE_SSA_2020-086-01.NASL", "SLACKWARE_SSA_2020-232-01.NASL", "SLACKWARE_SSA_2020-344-01.NASL", "SLACKWARE_SSA_2020-347-01.NASL", "SLACKWARE_SSA_2021-118-01.NASL", "SL_20201001_CPIO_ON_SL7_X.NASL", "SL_20210202_GLIBC_ON_SL7_X.NASL", "SL_20210202_PERL_ON_SL7_X.NASL", "SL_20210601_GLIB2_ON_SL7_X.NASL", "SL_20210609_KERNEL_ON_SL7_X.NASL", "SL_20220628_PYTHON_ON_SL7_X.NASL", "SMB_NT_MS22_MAR_DOTNET_CORE.NASL", "SMB_NT_MS22_MAR_VISUAL_STUDIO.NASL", "SUSE_SU-2018-3571-1.NASL", "SUSE_SU-2018-3640-1.NASL", "SUSE_SU-2018-3640-2.NASL", "SUSE_SU-2019-1102-1.NASL", "SUSE_SU-2019-1265-1.NASL", "SUSE_SU-2019-1364-1.NASL", "SUSE_SU-2019-1364-2.NASL", "SUSE_SU-2019-14084-1.NASL", "SUSE_SU-2019-1877-1.NASL", "SUSE_SU-2019-1958-1.NASL", "SUSE_SU-2019-1958-2.NASL", "SUSE_SU-2019-3059-1.NASL", "SUSE_SU-2019-3064-1.NASL", "SUSE_SU-2019-3092-1.NASL", "SUSE_SU-2020-0558-1.NASL", "SUSE_SU-2020-0559-1.NASL", "SUSE_SU-2020-0560-1.NASL", "SUSE_SU-2020-0580-1.NASL", "SUSE_SU-2020-0584-1.NASL", "SUSE_SU-2020-0688-1.NASL", "SUSE_SU-2020-0836-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-1275-1.NASL", "SUSE_SU-2020-14354-1.NASL", "SUSE_SU-2020-14481-1.NASL", "SUSE_SU-2020-14541-1.NASL", "SUSE_SU-2020-14550-1.NASL", "SUSE_SU-2020-14585-1.NASL", "SUSE_SU-2020-1662-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-1682-1.NASL", "SUSE_SU-2020-1682-2.NASL", "SUSE_SU-2020-2444-1.NASL", "SUSE_SU-2020-2445-1.NASL", "SUSE_SU-2020-2446-1.NASL", "SUSE_SU-2020-2609-1.NASL", "SUSE_SU-2020-2612-1.NASL", "SUSE_SU-2020-3115-1.NASL", "SUSE_SU-2020-3121-1.NASL", "SUSE_SU-2020-3262-1.NASL", "SUSE_SU-2020-3313-1.NASL", "SUSE_SU-2020-3314-1.NASL", "SUSE_SU-2020-3315-1.NASL", "SUSE_SU-2020-3368-1.NASL", "SUSE_SU-2020-3369-1.NASL", "SUSE_SU-2020-3375-1.NASL", "SUSE_SU-2020-3377-1.NASL", "SUSE_SU-2020-3379-1.NASL", "SUSE_SU-2020-3563-1.NASL", "SUSE_SU-2020-3733-1.NASL", "SUSE_SU-2020-3735-1.NASL", "SUSE_SU-2020-3739-1.NASL", "SUSE_SU-2020-3865-1.NASL", "SUSE_SU-2020-3930-1.NASL", "SUSE_SU-2021-0222-1.NASL", "SUSE_SU-2021-0223-1.NASL", "SUSE_SU-2021-0348-1.NASL", "SUSE_SU-2021-0353-1.NASL", "SUSE_SU-2021-0354-1.NASL", "SUSE_SU-2021-0355-1.NASL", "SUSE_SU-2021-0427-1.NASL", "SUSE_SU-2021-0428-1.NASL", "SUSE_SU-2021-0432-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-0529-1.NASL", "SUSE_SU-2021-0532-1.NASL", "SUSE_SU-2021-0608-1.NASL", "SUSE_SU-2021-0653-1.NASL", "SUSE_SU-2021-0735-1.NASL", "SUSE_SU-2021-0741-1.NASL", "SUSE_SU-2021-0768-1.NASL", "SUSE_SU-2021-0778-1.NASL", "SUSE_SU-2021-0794-1.NASL", "SUSE_SU-2021-0801-1.NASL", "SUSE_SU-2021-0870-1.NASL", "SUSE_SU-2021-0886-1.NASL", "SUSE_SU-2021-0887-1.NASL", "SUSE_SU-2021-0890-1.NASL", "SUSE_SU-2021-0947-1.NASL", "SUSE_SU-2021-1165-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-14630-1.NASL", "SUSE_SU-2021-1468-1.NASL", "SUSE_SU-2021-1469-1.NASL", "SUSE_SU-2021-1471-1.NASL", "SUSE_SU-2021-14714-1.NASL", "SUSE_SU-2021-14729-1.NASL", "SUSE_SU-2021-1573-1.NASL", "SUSE_SU-2021-1596-1.NASL", "SUSE_SU-2021-1621-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1652-1.NASL", "SUSE_SU-2021-1786-1.NASL", "SUSE_SU-2021-1826-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL", "SUSE_SU-2021-2005-1.NASL", "SUSE_SU-2021-2320-1.NASL", "SUSE_SU-2021-2480-1.NASL", "SUSE_SU-2021-2817-1.NASL", "SUSE_SU-2021-3215-1.NASL", "SUSE_SU-2021-3251-1.NASL", "SUSE_SU-2021-3830-1.NASL", "SUSE_SU-2021-3942-1.NASL", "SUSE_SU-2021-4154-1.NASL", "SUSE_SU-2022-0176-1.NASL", "SUSE_SU-2022-0176-2.NASL", "SUSE_SU-2022-0301-1.NASL", "SUSE_SU-2022-0323-1.NASL", "SUSE_SU-2022-2405-1.NASL", "SUSE_SU-2022-2798-1.NASL", "SUSE_SU-2022-2800-1.NASL", "SUSE_SU-2022-2871-1.NASL", "SUSE_SU-2022-2886-1.NASL", "SUSE_SU-2022-4214-1.NASL", "SUSE_SU-2022-4289-1.NASL", "UBUNTU_USN-3859-1.NASL", "UBUNTU_USN-3938-1.NASL", "UBUNTU_USN-4176-1.NASL", "UBUNTU_USN-4342-1.NASL", "UBUNTU_USN-4344-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4346-1.NASL", "UBUNTU_USN-4394-1.NASL", "UBUNTU_USN-4416-1.NASL", "UBUNTU_USN-4438-1.NASL", "UBUNTU_USN-4466-1.NASL", "UBUNTU_USN-4568-1.NASL", "UBUNTU_USN-4570-1.NASL", "UBUNTU_USN-4581-1.NASL", "UBUNTU_USN-4602-1.NASL", "UBUNTU_USN-4622-1.NASL", "UBUNTU_USN-4635-1.NASL", "UBUNTU_USN-4665-1.NASL", "UBUNTU_USN-4677-1.NASL", "UBUNTU_USN-4742-1.NASL", "UBUNTU_USN-4754-1.NASL", "UBUNTU_USN-4754-3.NASL", "UBUNTU_USN-4754-4.NASL", "UBUNTU_USN-4759-1.NASL", "UBUNTU_USN-4878-1.NASL", "UBUNTU_USN-4884-1.NASL", "UBUNTU_USN-4887-1.NASL", "UBUNTU_USN-4890-1.NASL", "UBUNTU_USN-4907-1.NASL", "UBUNTU_USN-4910-1.NASL", "UBUNTU_USN-4929-1.NASL", "UBUNTU_USN-4938-1.NASL", "UBUNTU_USN-4977-1.NASL", "UBUNTU_USN-4983-1.NASL", "UBUNTU_USN-4991-1.NASL", "UBUNTU_USN-4997-1.NASL", "UBUNTU_USN-4997-2.NASL", "UBUNTU_USN-5001-1.NASL", "UBUNTU_USN-5310-1.NASL", "UBUNTU_USN-5410-1.NASL", "UBUNTU_USN-5699-1.NASL", "UBUNTU_USN-5768-1.NASL", "VIRTUOZZO_VZA-2020-037.NASL", "WEB_APPLICATION_SCANNING_112993", "WEB_APPLICATION_SCANNING_112994", "WEB_APPLICATION_SCANNING_112995"]}, {"type": "nodejs", "idList": ["NODEJS:1658"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704360", "OPENVAS:1361412562310704428", "OPENVAS:1361412562310704698", "OPENVAS:1361412562310843871", "OPENVAS:1361412562310843968", "OPENVAS:1361412562310844226", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844409", "OPENVAS:1361412562310844410", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310844467", "OPENVAS:1361412562310844490", "OPENVAS:1361412562310852113", "OPENVAS:1361412562310852119", "OPENVAS:1361412562310852518", "OPENVAS:1361412562310852790", "OPENVAS:1361412562310852850", "OPENVAS:1361412562310853070", "OPENVAS:1361412562310853226", "OPENVAS:1361412562310875306", "OPENVAS:1361412562310875610", "OPENVAS:1361412562310877942", "OPENVAS:1361412562310877945", "OPENVAS:1361412562310877986", "OPENVAS:1361412562310891600", "OPENVAS:1361412562310891762", "OPENVAS:1361412562310891981", "OPENVAS:1361412562310892221", "OPENVAS:1361412562310892241", "OPENVAS:1361412562310892242", "OPENVAS:1361412562311220191111", "OPENVAS:1361412562311220191135", "OPENVAS:1361412562311220191260", "OPENVAS:1361412562311220191344", "OPENVAS:1361412562311220191552", "OPENVAS:1361412562311220191599", "OPENVAS:1361412562311220191648", "OPENVAS:1361412562311220191661", "OPENVAS:1361412562311220191703", "OPENVAS:1361412562311220191808", "OPENVAS:1361412562311220191923", "OPENVAS:1361412562311220191973", "OPENVAS:1361412562311220192014", "OPENVAS:1361412562311220192030", "OPENVAS:1361412562311220192379", "OPENVAS:1361412562311220192687", "OPENVAS:1361412562311220201002", "OPENVAS:1361412562311220201056", "OPENVAS:1361412562311220201226", "OPENVAS:1361412562311220201292", "OPENVAS:1361412562311220201308", "OPENVAS:1361412562311220201342", "OPENVAS:1361412562311220201375", "OPENVAS:1361412562311220201396", "OPENVAS:1361412562311220201488", "OPENVAS:1361412562311220201522", "OPENVAS:1361412562311220201536", "OPENVAS:1361412562311220201630", "OPENVAS:1361412562311220201674", "OPENVAS:1361412562311220201737"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2019", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3908", "ELSA-2020-4431", "ELSA-2020-5493", "ELSA-2020-5670", "ELSA-2020-5676", "ELSA-2021-0343", "ELSA-2021-0348", "ELSA-2021-1093", "ELSA-2021-1384", "ELSA-2021-1389", "ELSA-2021-1469", "ELSA-2021-1578", "ELSA-2021-1581", "ELSA-2021-1582", "ELSA-2021-1585", "ELSA-2021-1593", "ELSA-2021-1597", "ELSA-2021-1609", "ELSA-2021-1610", "ELSA-2021-1611", "ELSA-2021-1627", "ELSA-2021-1631", "ELSA-2021-1633", "ELSA-2021-1675", "ELSA-2021-1678", "ELSA-2021-1702", "ELSA-2021-1746", "ELSA-2021-1761", "ELSA-2021-1853", "ELSA-2021-1879", "ELSA-2021-1989", "ELSA-2021-2147", "ELSA-2021-2168", "ELSA-2021-2170", "ELSA-2021-2314", "ELSA-2021-3572", "ELSA-2021-4151", "ELSA-2021-4162", "ELSA-2021-4226", "ELSA-2021-9084", "ELSA-2021-9085", "ELSA-2021-9086", "ELSA-2021-9087", "ELSA-2021-9100", "ELSA-2021-9101", "ELSA-2021-9107", "ELSA-2021-9128", "ELSA-2021-9129", "ELSA-2021-9130", "ELSA-2021-9140", "ELSA-2021-9141", "ELSA-2021-9213", "ELSA-2021-9222", "ELSA-2021-9223", "ELSA-2021-9238", "ELSA-2021-9280", "ELSA-2021-9294", "ELSA-2021-9318", "ELSA-2021-9344", "ELSA-2021-9434", "ELSA-2022-0827", "ELSA-2022-0830", "ELSA-2022-5235"]}, {"type": "osv", "idList": ["OSV:ASB-A-171705902", "OSV:ASB-A-192605364", "OSV:CVE-2017-14502", "OSV:CVE-2020-13434", "OSV:CVE-2020-25692", "OSV:CVE-2020-26137", "OSV:CVE-2020-28935", "OSV:CVE-2021-21309", "OSV:CVE-2021-27219", "OSV:CVE-2021-3177", "OSV:DLA-1600-1", "OSV:DLA-1762-1", "OSV:DLA-1762-2", "OSV:DLA-1981-1", "OSV:DLA-2241-1", "OSV:DLA-2242-1", "OSV:DLA-2340-1", "OSV:DLA-2340-2", "OSV:DLA-2369-1", "OSV:DLA-2382-1", "OSV:DLA-2425-1", "OSV:DLA-2437-1", "OSV:DLA-2456-1", "OSV:DLA-2476-1", "OSV:DLA-2500-1", "OSV:DLA-2513-1", "OSV:DLA-2556-1", "OSV:DLA-2557-1", "OSV:DLA-2569-1", "OSV:DLA-2576-1", "OSV:DLA-2586-1", "OSV:DLA-2591-1", "OSV:DLA-2592-1", "OSV:DLA-2610-1", "OSV:DLA-2619-1", "OSV:DLA-2628-1", "OSV:DLA-2647-1", "OSV:DLA-2652-1", "OSV:DLA-2686-1", "OSV:DLA-2919-1", "OSV:DLA-3044-1", "OSV:DLA-3152-1", "OSV:DLA-3164-1", "OSV:DLA-3205-1", "OSV:DLA-3371-1", "OSV:DLA-3380-1", "OSV:DLA-3432-1", "OSV:DLA-3445-1", "OSV:DSA-4360-1", "OSV:DSA-4428-1", "OSV:DSA-4698-1", "OSV:DSA-4782-1", "OSV:DSA-4795-1", "OSV:DSA-4822-1", "OSV:DSA-4843-1", "OSV:DSA-4848-1", "OSV:DSA-4881-1", "OSV:DSA-4909-1", "OSV:GHSA-26VR-8J45-3R4W", "OSV:GHSA-3XXV-P78R-4FC6", "OSV:GHSA-4C7M-WXVM-R7GC", "OSV:GHSA-5V8V-66V8-MWM7", "OSV:GHSA-7R28-3M3F-R2PR", "OSV:GHSA-7RRM-V45F-JP64", "OSV:GHSA-J6QJ-J888-VVGQ", "OSV:GHSA-M6GX-RHVJ-FH52", "OSV:GHSA-PCH5-WHG9-QR2R", "OSV:GHSA-PVWX-3JX5-24R2", "OSV:GHSA-W2HV-RCQR-2H7R", "OSV:GHSA-WQVQ-5M8C-6G24", "OSV:GO-2021-0069", "OSV:GO-2021-0235", "OSV:PYSEC-2020-148", "OSV:PYSEC-2020-29", "OSV:PYSEC-2021-4", "OSV:RUSTSEC-2021-0131", "OSV:RUSTSEC-2021-0132"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152610"]}, {"type": "paloalto", "idList": ["PA-CVE-2020-27619"]}, {"type": "photon", "idList": ["PHSA-2019-0006", "PHSA-2019-0012", "PHSA-2019-0140", "PHSA-2019-0153", "PHSA-2019-0215", "PHSA-2019-0228", "PHSA-2019-1.0-0215", "PHSA-2019-1.0-0228", "PHSA-2019-2.0-0140", "PHSA-2019-2.0-0153", "PHSA-2019-3.0-0005", "PHSA-2019-3.0-0006", "PHSA-2019-3.0-0012", "PHSA-2020-0053", "PHSA-2020-0073", "PHSA-2020-0101", "PHSA-2020-0103", "PHSA-2020-0104", "PHSA-2020-0113", "PHSA-2020-0129", "PHSA-2020-0131", "PHSA-2020-0142", "PHSA-2020-0155", "PHSA-2020-0161", "PHSA-2020-0174", "PHSA-2020-0180", "PHSA-2020-0202", "PHSA-2020-0221", "PHSA-2020-0249", "PHSA-2020-0252", "PHSA-2020-0254", "PHSA-2020-0261", "PHSA-2020-0273", "PHSA-2020-0277", "PHSA-2020-0285", "PHSA-2020-0289", "PHSA-2020-0295", "PHSA-2020-0302", "PHSA-2020-0304", "PHSA-2020-0308", "PHSA-2020-0315", "PHSA-2020-0325", "PHSA-2020-0332", "PHSA-2020-0338", "PHSA-2020-0346", "PHSA-2020-0349", "PHSA-2020-1.0-0267", "PHSA-2020-1.0-0287", "PHSA-2020-1.0-0298", "PHSA-2020-1.0-0301", "PHSA-2020-1.0-0302", "PHSA-2020-1.0-0308", "PHSA-2020-1.0-0315", "PHSA-2020-1.0-0325", "PHSA-2020-1.0-0332", "PHSA-2020-1.0-0338", "PHSA-2020-1.0-0346", "PHSA-2020-1.0-0349", "PHSA-2020-2.0-0202", "PHSA-2020-2.0-0249", "PHSA-2020-2.0-0252", "PHSA-2020-2.0-0254", "PHSA-2020-2.0-0261", "PHSA-2020-2.0-0273", "PHSA-2020-2.0-0277", "PHSA-2020-2.0-0285", "PHSA-2020-2.0-0289", "PHSA-2020-2.0-0295", "PHSA-2020-2.0-0304", "PHSA-2020-3.0-0053", "PHSA-2020-3.0-0073", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0103", "PHSA-2020-3.0-0104", "PHSA-2020-3.0-0113", "PHSA-2020-3.0-0129", "PHSA-2020-3.0-0131", "PHSA-2020-3.0-0142", "PHSA-2020-3.0-0155", "PHSA-2020-3.0-0161", "PHSA-2020-3.0-0174", "PHSA-2020-3.0-0180", "PHSA-2021-0001", "PHSA-2021-0005", "PHSA-2021-0006", "PHSA-2021-0007", "PHSA-2021-0008", "PHSA-2021-0013", "PHSA-2021-0039", "PHSA-2021-0047", "PHSA-2021-0189", "PHSA-2021-0192", "PHSA-2021-0193", "PHSA-2021-0197", "PHSA-2021-0201", "PHSA-2021-0204", "PHSA-2021-0210", "PHSA-2021-0214", "PHSA-2021-0236", "PHSA-2021-0240", "PHSA-2021-0246", "PHSA-2021-0248", "PHSA-2021-0308", "PHSA-2021-0315", "PHSA-2021-0317", "PHSA-2021-0320", "PHSA-2021-0322", "PHSA-2021-0327", "PHSA-2021-0329", "PHSA-2021-0342", "PHSA-2021-0348", "PHSA-2021-0360", "PHSA-2021-0393", "PHSA-2021-0422", "PHSA-2021-0442", "PHSA-2021-0455", "PHSA-2021-1.0-0354", "PHSA-2021-1.0-0360", "PHSA-2021-1.0-0362", "PHSA-2021-1.0-0365", "PHSA-2021-1.0-0371", "PHSA-2021-1.0-0390", "PHSA-2021-1.0-0391", "PHSA-2021-2.0-0308", "PHSA-2021-2.0-0315", "PHSA-2021-2.0-0317", "PHSA-2021-2.0-0320", "PHSA-2021-2.0-0322", "PHSA-2021-2.0-0323", "PHSA-2021-2.0-0327", "PHSA-2021-2.0-0329", "PHSA-2021-2.0-0348", "PHSA-2021-2.0-0393", "PHSA-2021-3.0-0189", "PHSA-2021-3.0-0192", "PHSA-2021-3.0-0193", "PHSA-2021-3.0-0194", "PHSA-2021-3.0-0197", "PHSA-2021-3.0-0201", "PHSA-2021-3.0-0204", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0214", "PHSA-2021-3.0-0236", "PHSA-2021-3.0-0240", "PHSA-2021-3.0-0246", "PHSA-2021-3.0-0248", "PHSA-2021-3.0-0342", "PHSA-2021-4.0-0001", "PHSA-2021-4.0-0005", "PHSA-2021-4.0-0006", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0008", "PHSA-2021-4.0-0013", "PHSA-2021-4.0-0039", "PHSA-2021-4.0-0047", "PHSA-2021-4.0-0139", "PHSA-2022-0441", "PHSA-2022-3.0-0342", "PHSA-2022-3.0-0488", "PHSA-2022-4.0-0279", "PHSA-2023-3.0-0520", "PHSA-2023-3.0-0603"]}, {"type": "prion", "idList": ["PRION:CVE-2020-10543", "PRION:CVE-2020-10878", "PRION:CVE-2021-21309", "PRION:CVE-2021-21639", "PRION:CVE-2021-21640", "PRION:CVE-2021-23336", "PRION:CVE-2021-25215", "PRION:CVE-2021-27219", "PRION:CVE-2021-28092", "PRION:CVE-2021-28163", "PRION:CVE-2021-28165", "PRION:CVE-2021-28359", "PRION:CVE-2021-28918", "PRION:CVE-2021-29418", "PRION:CVE-2021-3114", "PRION:CVE-2021-3177", "PRION:CVE-2021-3326", "PRION:CVE-2021-3347", "PRION:CVE-2021-3501", "PRION:CVE-2021-3543", "PRION:CVE-2021-40491"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:C62665D003B287EB5E4FC604B7578606"]}, {"type": "redhat", "idList": ["RHSA-2020:3908", "RHSA-2020:4254", "RHSA-2020:4255", "RHSA-2020:4264", "RHSA-2020:4273", "RHSA-2020:4285", "RHSA-2020:4299", "RHSA-2020:4431", "RHSA-2020:4609", "RHSA-2020:5333", "RHSA-2020:5493", "RHSA-2020:5633", "RHSA-2020:5634", "RHSA-2020:5635", "RHSA-2021:0034", "RHSA-2021:0037", "RHSA-2021:0038", "RHSA-2021:0039", "RHSA-2021:0079", "RHSA-2021:0145", "RHSA-2021:0146", "RHSA-2021:0172", "RHSA-2021:0343", "RHSA-2021:0348", "RHSA-2021:0436", "RHSA-2021:0568", "RHSA-2021:0607", "RHSA-2021:0719", "RHSA-2021:0778", "RHSA-2021:0779", "RHSA-2021:0780", "RHSA-2021:0799", "RHSA-2021:0883", "RHSA-2021:0949", "RHSA-2021:0956", "RHSA-2021:0957", "RHSA-2021:0958", "RHSA-2021:1006", "RHSA-2021:1032", "RHSA-2021:1079", "RHSA-2021:1081", "RHSA-2021:1093", "RHSA-2021:1129", "RHSA-2021:1168", "RHSA-2021:1266", "RHSA-2021:1272", "RHSA-2021:1279", "RHSA-2021:1295", "RHSA-2021:1338", "RHSA-2021:1339", "RHSA-2021:1366", "RHSA-2021:1369", "RHSA-2021:1379", "RHSA-2021:1384", "RHSA-2021:1389", "RHSA-2021:1429", "RHSA-2021:1448", "RHSA-2021:1468", "RHSA-2021:1469", "RHSA-2021:1475", "RHSA-2021:1476", "RHSA-2021:1477", "RHSA-2021:1478", "RHSA-2021:1479", "RHSA-2021:1499", "RHSA-2021:1509", "RHSA-2021:1551", "RHSA-2021:1552", "RHSA-2021:1560", "RHSA-2021:1561", "RHSA-2021:1578", "RHSA-2021:1581", "RHSA-2021:1582", "RHSA-2021:1585", "RHSA-2021:1593", "RHSA-2021:1597", "RHSA-2021:1609", "RHSA-2021:1610", "RHSA-2021:1611", "RHSA-2021:1620", "RHSA-2021:1627", "RHSA-2021:1631", "RHSA-2021:1633", "RHSA-2021:1675", "RHSA-2021:1678", "RHSA-2021:1702", "RHSA-2021:1739", "RHSA-2021:1746", "RHSA-2021:1761", "RHSA-2021:1853", "RHSA-2021:1879", "RHSA-2021:1968", "RHSA-2021:1989", "RHSA-2021:2021", "RHSA-2021:2024", "RHSA-2021:2028", "RHSA-2021:2041", "RHSA-2021:2042", "RHSA-2021:2053", "RHSA-2021:2093", "RHSA-2021:2095", "RHSA-2021:2099", "RHSA-2021:2106", "RHSA-2021:2121", "RHSA-2021:2130", "RHSA-2021:2136", "RHSA-2021:2147", "RHSA-2021:2164", "RHSA-2021:2165", "RHSA-2021:2168", "RHSA-2021:2169", "RHSA-2021:2170", "RHSA-2021:2171", "RHSA-2021:2172", "RHSA-2021:2173", "RHSA-2021:2174", "RHSA-2021:2175", "RHSA-2021:2185", "RHSA-2021:2190", "RHSA-2021:2203", "RHSA-2021:2204", "RHSA-2021:2239", "RHSA-2021:2285", "RHSA-2021:2286", "RHSA-2021:2293", "RHSA-2021:2314", "RHSA-2021:2316", "RHSA-2021:2355", "RHSA-2021:2374", "RHSA-2021:2437", "RHSA-2021:2438", "RHSA-2021:2467", "RHSA-2021:2471", "RHSA-2021:2472", "RHSA-2021:2479", "RHSA-2021:2519", "RHSA-2021:2522", "RHSA-2021:2523", "RHSA-2021:2532", "RHSA-2021:2543", "RHSA-2021:2689", "RHSA-2021:2705", "RHSA-2021:2730", "RHSA-2021:2731", "RHSA-2021:2732", "RHSA-2021:2733", "RHSA-2021:2735", "RHSA-2021:2792", "RHSA-2021:2920", "RHSA-2021:3016", "RHSA-2021:3119", "RHSA-2021:3140", "RHSA-2021:3225", "RHSA-2021:3252", "RHSA-2021:3254", "RHSA-2021:3320", "RHSA-2021:3361", "RHSA-2021:3366", "RHSA-2021:3399", "RHSA-2021:3522", "RHSA-2021:3523", "RHSA-2021:3556", "RHSA-2021:3572", "RHSA-2021:3700", "RHSA-2021:3748", "RHSA-2021:3759", "RHSA-2021:3900", "RHSA-2021:3917", "RHSA-2021:3925", "RHSA-2021:4103", "RHSA-2021:4104", "RHSA-2021:4151", "RHSA-2021:4162", "RHSA-2021:4226", "RHSA-2021:4526", "RHSA-2021:4582", "RHSA-2021:4725", "RHSA-2021:4767", "RHSA-2021:4914", "RHSA-2021:5134", "RHSA-2022:0056", "RHSA-2022:0073", "RHSA-2022:0181", "RHSA-2022:0308", "RHSA-2022:0632", "RHSA-2022:0827", "RHSA-2022:0828", "RHSA-2022:0829", "RHSA-2022:0830", "RHSA-2022:5235", "RHSA-2022:5840", "RHSA-2022:5924", "RHSA-2022:6133", "RHSA-2022:6252", "RHSA-2022:6271", "RHSA-2022:6407"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10228", "RH:CVE-2017-14502", "RH:CVE-2019-14866", "RH:CVE-2019-25013", "RH:CVE-2019-25032", "RH:CVE-2019-25034", "RH:CVE-2019-25035", "RH:CVE-2019-25036", "RH:CVE-2019-25037", "RH:CVE-2019-25038", "RH:CVE-2019-25039", "RH:CVE-2019-25040", "RH:CVE-2019-25041", "RH:CVE-2019-25042", "RH:CVE-2019-2708", "RH:CVE-2019-3842", "RH:CVE-2019-9169", "RH:CVE-2020-10543", "RH:CVE-2020-10878", "RH:CVE-2020-12362", "RH:CVE-2020-12363", "RH:CVE-2020-12364", "RH:CVE-2020-13434", "RH:CVE-2020-13776", "RH:CVE-2020-15358", "RH:CVE-2020-24330", "RH:CVE-2020-24331", "RH:CVE-2020-24332", "RH:CVE-2020-24977", "RH:CVE-2020-25648", "RH:CVE-2020-25692", "RH:CVE-2020-26116", "RH:CVE-2020-26137", "RH:CVE-2020-27170", "RH:CVE-2020-27618", "RH:CVE-2020-27619", "RH:CVE-2020-28196", "RH:CVE-2020-28362", "RH:CVE-2020-28935", "RH:CVE-2020-29361", "RH:CVE-2020-29362", "RH:CVE-2020-29363", "RH:CVE-2020-8231", "RH:CVE-2020-8284", "RH:CVE-2020-8285", "RH:CVE-2020-8286", "RH:CVE-2020-8648", "RH:CVE-2020-8927", "RH:CVE-2021-21309", "RH:CVE-2021-21639", "RH:CVE-2021-21640", "RH:CVE-2021-23336", "RH:CVE-2021-25215", "RH:CVE-2021-27219", "RH:CVE-2021-28092", "RH:CVE-2021-28163", "RH:CVE-2021-28165", "RH:CVE-2021-28918", "RH:CVE-2021-29418", "RH:CVE-2021-3114", "RH:CVE-2021-3177", "RH:CVE-2021-3326", "RH:CVE-2021-3347", "RH:CVE-2021-3501", "RH:CVE-2021-3543"]}, {"type": "redos", "idList": ["ROS-20230420-02"]}, {"type": "rocky", "idList": ["RLEA-2021:1580", "RLSA-2021:1581", "RLSA-2021:1582", "RLSA-2021:1585", "RLSA-2021:1593", "RLSA-2021:1597", "RLSA-2021:1609", "RLSA-2021:1610", "RLSA-2021:1611", "RLSA-2021:1620", "RLSA-2021:1627", "RLSA-2021:1631", "RLSA-2021:1675", "RLSA-2021:1678", "RLSA-2021:1702", "RLSA-2021:1746", "RLSA-2021:1761", "RLSA-2021:1853", "RLSA-2021:1879", "RLSA-2021:1968", "RLSA-2021:1989", "RLSA-2021:2168", "RLSA-2021:2170", "RLSA-2021:3572", "RLSA-2021:4151", "RLSA-2021:4162", "RLSA-2021:4226", "RLSA-2022:0827", "RLSA-2022:0830"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2021-1957", "ROSA-SA-2021-1975", "ROSA-SA-2021-1982", "ROSA-SA-2021-1989", "ROSA-SA-2021-1990", "ROSA-SA-2023-2163", "ROSA-SA-2023-2164", "ROSA-SA-2023-2203"]}, {"type": "rustsec", "idList": ["RUSTSEC-2021-0131", "RUSTSEC-2021-0132"]}, {"type": "slackware", "idList": ["SSA-2020-086-01", "SSA-2020-232-01", "SSA-2020-344-01", "SSA-2020-347-01", "SSA-2021-118-01"]}, {"type": "sonarsource", "idList": ["SONARSOURCE:975650E98377379A199A2570C63A856D"]}, {"type": "sqlite", "idList": ["SQLT:CVE-2020-13434", "SQLT:CVE-2020-15358"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3690-1", "OPENSUSE-SU-2018:3717-1", "OPENSUSE-SU-2019:1450-1", "OPENSUSE-SU-2019:2593-1", "OPENSUSE-SU-2019:2596-1", "OPENSUSE-SU-2020:0336-1", "OPENSUSE-SU-2020:0850-1", "OPENSUSE-SU-2020:1345-1", "OPENSUSE-SU-2020:1359-1", "OPENSUSE-SU-2020:1430-1", "OPENSUSE-SU-2020:1465-1", "OPENSUSE-SU-2020:1494-1", "OPENSUSE-SU-2020:1578-1", "OPENSUSE-SU-2020:1859-1", "OPENSUSE-SU-2020:1918-1", "OPENSUSE-SU-2020:1920-1", "OPENSUSE-SU-2020:1988-1", "OPENSUSE-SU-2020:2037-1", "OPENSUSE-SU-2020:2047-1", "OPENSUSE-SU-2020:2062-1", "OPENSUSE-SU-2020:2067-1", "OPENSUSE-SU-2020:2139-1", "OPENSUSE-SU-2020:2222-1", "OPENSUSE-SU-2020:2237-1", "OPENSUSE-SU-2020:2238-1", "OPENSUSE-SU-2020:2249-1", "OPENSUSE-SU-2020:2282-1", "OPENSUSE-SU-2020:2332-1", "OPENSUSE-SU-2020:2333-1", "OPENSUSE-SU-2021:0190-1", "OPENSUSE-SU-2021:0192-1", "OPENSUSE-SU-2021:0194-1", "OPENSUSE-SU-2021:0241-1", "OPENSUSE-SU-2021:0270-1", "OPENSUSE-SU-2021:0331-1", "OPENSUSE-SU-2021:0358-1", "OPENSUSE-SU-2021:0393-1", "OPENSUSE-SU-2021:0406-1", "OPENSUSE-SU-2021:0407-1", "OPENSUSE-SU-2021:0435-1", "OPENSUSE-SU-2021:0532-1", "OPENSUSE-SU-2021:0668-1", "OPENSUSE-SU-2021:0682-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:1058-1", "OPENSUSE-SU-2021:1206-1", "OPENSUSE-SU-2021:1560-1", "OPENSUSE-SU-2021:1611-1", "OPENSUSE-SU-2021:1826-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1", "OPENSUSE-SU-2021:2005-1", "OPENSUSE-SU-2021:2320-1", "OPENSUSE-SU-2021:2817-1", "OPENSUSE-SU-2021:3942-1", "OPENSUSE-SU-2021:4154-1", "OPENSUSE-SU-2022:0176-1", "SUSE-SU-2022:2405-1", "SUSE-SU-2022:2405-2"]}, {"type": "tenable", "idList": ["TENABLE:F29BAD72446123F9BCC7E3C50234FFF8"]}, {"type": "thn", "idList": ["THN:BA222372B6AB74B52D2725F520DA39EA"]}, {"type": "threatpost", "idList": ["THREATPOST:3073D5AD7F3554F422710689A9436CAA", "THREATPOST:656059F49183C61351DFDB08465E451D"]}, {"type": "ubuntu", "idList": ["LSN-0066-1", "LSN-0068-1", "USN-3859-1", "USN-3938-1", "USN-4176-1", "USN-4342-1", "USN-4344-1", "USN-4345-1", "USN-4346-1", "USN-4394-1", "USN-4416-1", "USN-4438-1", "USN-4466-1", "USN-4466-2", "USN-4568-1", "USN-4570-1", "USN-4581-1", "USN-4602-1", "USN-4602-2", "USN-4622-1", "USN-4622-2", "USN-4635-1", "USN-4665-1", "USN-4665-2", "USN-4677-1", "USN-4677-2", "USN-4742-1", "USN-4754-1", "USN-4754-2", "USN-4754-3", "USN-4754-4", "USN-4754-5", "USN-4759-1", "USN-4878-1", "USN-4884-1", "USN-4887-1", "USN-4890-1", "USN-4907-1", "USN-4910-1", "USN-4929-1", "USN-4938-1", "USN-4977-1", "USN-4983-1", "USN-4991-1", "USN-4997-1", "USN-4997-2", "USN-5001-1", "USN-5221-1", "USN-5310-1", "USN-5410-1", "USN-5699-1", "USN-5768-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10228", "UB:CVE-2017-14502", "UB:CVE-2019-14866", "UB:CVE-2019-25013", "UB:CVE-2019-25032", "UB:CVE-2019-25033", "UB:CVE-2019-25034", "UB:CVE-2019-25035", "UB:CVE-2019-25036", "UB:CVE-2019-25037", "UB:CVE-2019-25038", "UB:CVE-2019-25039", "UB:CVE-2019-25040", "UB:CVE-2019-25041", "UB:CVE-2019-25042", "UB:CVE-2019-3842", "UB:CVE-2019-9169", "UB:CVE-2020-10543", "UB:CVE-2020-10878", "UB:CVE-2020-12362", "UB:CVE-2020-12363", "UB:CVE-2020-12364", "UB:CVE-2020-13434", "UB:CVE-2020-13776", "UB:CVE-2020-15358", "UB:CVE-2020-24330", "UB:CVE-2020-24331", "UB:CVE-2020-24332", "UB:CVE-2020-24977", "UB:CVE-2020-25648", "UB:CVE-2020-25692", "UB:CVE-2020-26116", "UB:CVE-2020-26137", "UB:CVE-2020-27170", "UB:CVE-2020-27618", "UB:CVE-2020-27619", "UB:CVE-2020-28196", "UB:CVE-2020-28362", "UB:CVE-2020-28935", "UB:CVE-2020-29361", "UB:CVE-2020-29362", "UB:CVE-2020-29363", "UB:CVE-2020-8231", "UB:CVE-2020-8284", "UB:CVE-2020-8285", "UB:CVE-2020-8286", "UB:CVE-2020-8648", "UB:CVE-2020-8927", "UB:CVE-2021-0646", "UB:CVE-2021-21309", "UB:CVE-2021-21639", "UB:CVE-2021-21640", "UB:CVE-2021-23336", "UB:CVE-2021-25215", "UB:CVE-2021-27219", "UB:CVE-2021-28163", "UB:CVE-2021-28165", "UB:CVE-2021-3114", "UB:CVE-2021-3177", "UB:CVE-2021-3326", "UB:CVE-2021-3347", "UB:CVE-2021-3501", "UB:CVE-2021-3517", "UB:CVE-2021-3543", "UB:CVE-2021-40491"]}, {"type": "veracode", "idList": ["VERACODE:25605", "VERACODE:26072", "VERACODE:26179", "VERACODE:26245", "VERACODE:26465", "VERACODE:26648", "VERACODE:27281", "VERACODE:27288", "VERACODE:27464", "VERACODE:27610", "VERACODE:27773", "VERACODE:27978", "VERACODE:27998", "VERACODE:28055", "VERACODE:28058", "VERACODE:28547", "VERACODE:28566", "VERACODE:28567", "VERACODE:28570", "VERACODE:28579", "VERACODE:28580", "VERACODE:28581", "VERACODE:29091", "VERACODE:29098", "VERACODE:29276", "VERACODE:29449", "VERACODE:29462", "VERACODE:29500", "VERACODE:29696", "VERACODE:29863", "VERACODE:29864", "VERACODE:29893", "VERACODE:29925", "VERACODE:29991", "VERACODE:29992", "VERACODE:30009", "VERACODE:30315", "VERACODE:30526", "VERACODE:30552", "VERACODE:30555", "VERACODE:30556", "VERACODE:30557", "VERACODE:30560", "VERACODE:30561", "VERACODE:30562", "VERACODE:30563", "VERACODE:30565", "VERACODE:30566", "VERACODE:30567", "VERACODE:30568", "VERACODE:30570", "VERACODE:30596", "VERACODE:30597", "VERACODE:30598", "VERACODE:30599", "VERACODE:30611", "VERACODE:30612", "VERACODE:30613", "VERACODE:30638", "VERACODE:30794", "VERACODE:30796", "VERACODE:30797", "VERACODE:30798", "VERACODE:7880"]}, {"type": "virtuozzo", "idList": ["VZA-2020-036", "VZA-2020-037", "VZA-2021-040"]}, {"type": "zdt", "idList": ["1337DAY-ID-32581"]}]}, "score": {"value": -0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["PERL_ADVISORY5.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:4431", "ALSA-2021:3572"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-25215"]}, {"type": "amazon", "idList": ["ALAS-2020-1360", "ALAS-2020-1444", "ALAS-2020-1454", "ALAS-2020-1471", "ALAS-2021-1471", "ALAS-2021-1480", "ALAS-2021-1484", "ALAS-2021-1500", "ALAS-2021-1504", "ALAS-2021-1508", "ALAS-2021-1511", "ALAS-2021-1518", "ALAS2-2021-1578", "ALAS2-2021-1599", "ALAS2-2021-1600", "ALAS2-2021-1601", "ALAS2-2021-1605", "ALAS2-2021-1609", "ALAS2-2021-1610", "ALAS2-2021-1611", "ALAS2-2021-1615", "ALAS2-2021-1635", "ALAS2-2021-1638", "ALAS2-2021-1640", "ALAS2-2021-1655", "ALAS2-2021-1656", "ALAS2-2021-1662", "ALAS2-2021-1664", "ALAS2-2021-1668", "ALAS2-2021-1669", "ALAS2-2021-1670"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-06-01", "ANDROID:2021-08-01"]}, {"type": "apple", "idList": ["APPLE:2A32C0762786DF36357D645066CDC600", "APPLE:3D7765FAAA5588336144E1B60D0B775E", "APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:B42E67860AD9D9F5B9307A29A1189DF0", "APPLE:BEC13883FC65A6FD008F312DB93C0A36", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:F7DADB3E958148A6B63512580383CEA2", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211850", "APPLE:HT211931", "APPLE:HT211935", "APPLE:HT211952", "APPLE:HT212147"]}, {"type": "archlinux", "idList": ["ASA-201911-3", "ASA-202011-15", "ASA-202011-16", "ASA-202012-17", "ASA-202012-18", "ASA-202101-27", "ASA-202102-28", "ASA-202102-37", "ASA-202103-27", "ASA-202104-10"]}, {"type": "attackerkb", "idList": ["AKB:0EF34EE1-74ED-42FF-A543-9543D3950C10"]}, {"type": "centos", "idList": ["CESA-2020:3908", "CESA-2021:1469"]}, {"type": "chrome", "idList": ["GCSA-2509954079155194578"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:033E22850A2C09F2DBD2349016F7E062", "CFOUNDRY:21B35C0D976E5B0E31872BF9E79110BB", "CFOUNDRY:27F5DB3AFDCF54F32837F9CE39245DE1", "CFOUNDRY:6212B057FC69171CB35A504A83DF4903", "CFOUNDRY:89587F3ED65C323B89E14DDACE9BA27F", "CFOUNDRY:8E671DB66CC777A32FC96E6B964ACEAC", "CFOUNDRY:D09A12445CD6214C067F9255280BC24D", "CFOUNDRY:D1800B931E71999DC3B721FFDBB42636", "CFOUNDRY:DC7BE5C08671B54CC5F39351987D8CA3", "CFOUNDRY:DC88CEA06ECA856893E7D089D36ADB07", "CFOUNDRY:F2DA9ABBA88CF5381A0275BB6CBC8B81", "CFOUNDRY:FABA7095744DBBE521F639A1D964B809"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1608724009", "CLSA-2021:1632261705", "CLSA-2021:1632328234", "CLSA-2021:1632328264", "CLSA-2021:1632401716", "CLSA-2021:1640697315"]}, {"type": "cve", "idList": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2019-2708", "CVE-2019-3842", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-25692", "CVE-2020-27170", "CVE-2020-27618", "CVE-2020-28362", "CVE-2020-28935", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-21309", "CVE-2021-21639", "CVE-2021-21640", "CVE-2021-23336", "CVE-2021-25215", "CVE-2021-27219", "CVE-2021-28092", "CVE-2021-28163", "CVE-2021-28165", "CVE-2021-28918", "CVE-2021-3114", "CVE-2021-3177", "CVE-2021-3326", "CVE-2021-3347", "CVE-2021-3543"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1762-1:9B895", "DEBIAN:DLA-2221-1:3C6AD", "DEBIAN:DLA-2242-1:573AF", "DEBIAN:DLA-2456-1:D70B3", "DEBIAN:DLA-2476-1:BF3F0", "DEBIAN:DLA-2500-1:61422", "DEBIAN:DLA-2513-1:91B04", "DEBIAN:DLA-2556-1:967CA", "DEBIAN:DLA-2557-1:3E233", "DEBIAN:DLA-2569-1:E3354", "DEBIAN:DLA-2576-1:05943", "DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DLA-2591-1:1BCAE", "DEBIAN:DLA-2592-1:6DFC9", "DEBIAN:DLA-2610-1:A54F6", "DEBIAN:DLA-2619-1:8192B", "DEBIAN:DLA-2628-1:6F808", "DEBIAN:DLA-2647-1:7BE9D", "DEBIAN:DLA-2652-1:FFCF4", "DEBIAN:DSA-4360-1:DDB49", "DEBIAN:DSA-4698-1:66813", "DEBIAN:DSA-4795-1:5CD54", "DEBIAN:DSA-4801-1:69ED7", "DEBIAN:DSA-4822-1:83743", "DEBIAN:DSA-4843-1:3B37B", "DEBIAN:DSA-4848-1:D81AC", "DEBIAN:DSA-4881-1:5FAC1", "DEBIAN:DSA-4909-1:42284"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-8927", "DEBIANCVE:CVE-2021-25215"]}, {"type": "f5", "idList": ["F5:K15338344", "F5:K40508224", "F5:K54823184"]}, {"type": "fedora", "idList": ["FEDORA:00A0230BBF90", "FEDORA:017273129EBB", "FEDORA:05C0C3052E9A", "FEDORA:096673094224", "FEDORA:0E43B3058526", "FEDORA:1770A30256F7", "FEDORA:180E930E766E", "FEDORA:1A40F309F48E", "FEDORA:1D191309D1B6", "FEDORA:1F076314BE6F", "FEDORA:1F4D830C7DBF", "FEDORA:21C3E309DE29", "FEDORA:27A3A30520EC", "FEDORA:2B2C93094FB5", "FEDORA:2DF1B315B329", "FEDORA:2F75E3052DEE", "FEDORA:30D123099EC4", "FEDORA:3245830C47E2", "FEDORA:33618309E3C6", "FEDORA:36BF9305D418", "FEDORA:3CA1930493B5", "FEDORA:404B730C2F75", "FEDORA:481D1608F47B", "FEDORA:4EE84305D41F", "FEDORA:4F60F30A106E", "FEDORA:5361730BB4C9", "FEDORA:591B130E1979", "FEDORA:59A883072F03", "FEDORA:68780608A492", "FEDORA:6E524310A486", "FEDORA:6ED3730946F6", "FEDORA:71D65309D32B", "FEDORA:72A4E3093B5E", "FEDORA:73B0C3094225", "FEDORA:73E1630A20AB", "FEDORA:764EE30C99A3", "FEDORA:7822830CCC8D", "FEDORA:7A904309DE1B", "FEDORA:7C20C304C264", "FEDORA:7DB0634EDA0C", "FEDORA:7FD9A309E3EF", "FEDORA:8275C3092F8B", "FEDORA:862DE30A5C4D", "FEDORA:8657A309BA6B", "FEDORA:870313092FB5", "FEDORA:8D7CB30BB4E7", "FEDORA:8FD383176A9C", "FEDORA:9408B30E7B01", "FEDORA:9FB8F310F2E1", "FEDORA:A387A3072636", "FEDORA:A44B831211EA", "FEDORA:A8BE83094DF0", "FEDORA:AA46430A6A34", "FEDORA:AA71A6383D9A", "FEDORA:AAF643072F13", "FEDORA:AC1C6304E3A3", "FEDORA:AF45530AA447", "FEDORA:B0FEC30C5629", "FEDORA:B42DC304E39B", "FEDORA:B5212306A249", "FEDORA:B5B17313A0D2", "FEDORA:B8C523106DFF", "FEDORA:C0A2E30B00AE", "FEDORA:C1626307261A", "FEDORA:C1819309C5A0", "FEDORA:C3ED760C452F", "FEDORA:C798F309DE1C", "FEDORA:CD864304939A", "FEDORA:CFC09309E7A4", "FEDORA:D02A2309CDA4", "FEDORA:D47CC30C448C", "FEDORA:D4A5430C7DB7", "FEDORA:DFCF230E7DCE", "FEDORA:E29F2606E7E8", "FEDORA:E31D830DFF2D", "FEDORA:E4BA53093F7F", "FEDORA:E910330B50BA", "FEDORA:E9704310F2E3", "FEDORA:E9B1430CC2C0", "FEDORA:EA4F2309E0EF", "FEDORA:F0266309ACD0", "FEDORA:F23FE31401E3"]}, {"type": "freebsd", "idList": ["0E38B8F8-75DD-11EB-83F2-8C164567CA3C", "388EBB5B-3C95-11EB-929D-D4C9EF517024", "3C77F139-3A09-11EB-929D-D4C9EF517024", "56BA4513-A1BE-11EB-9072-D4C9EF517024", "6A4805D5-5AAF-11EB-A21D-79F5BC5EF6A9", "9595D002-EDEB-4602-BE2D-791CD654247E", "C4AC9C79-AB37-11EA-8B5E-B42E99A1B9C3", "E358B470-B37D-4E47-BC8A-2CD9ADBEB63C", "F5ABAFC0-FCF6-11EA-8758-E0D55E2A8BF9", "FDC49972-3CA7-11EB-929D-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-201908-11", "GLSA-202006-03", "GLSA-202006-04", "GLSA-202011-17", "GLSA-202012-14", "GLSA-202012-21", "GLSA-202101-18", "GLSA-202101-20", "GLSA-202101-38", "GLSA-202103-02", "GLSA-202104-04", "GLSA-202107-05", "GLSA-202107-07", "GLSA-202107-13"]}, {"type": "github", "idList": ["GHSA-26VR-8J45-3R4W", "GHSA-4C7M-WXVM-R7GC", "GHSA-7R28-3M3F-R2PR", "GHSA-J6QJ-J888-VVGQ", "GHSA-WQVQ-5M8C-6G24"]}, {"type": "hackerone", "idList": ["H1:1040166", "H1:1045844", "H1:1048457", "H1:1168205", "H1:948876"]}, {"type": "hp", "idList": ["HP:C07023592"]}, {"type": "ibm", "idList": ["0A425AE154320282FF38ABB3C8BA8D3AD10793B88A3CFCA031B295F986453B12", "0FF78AF1C487DE3B1A92548681C12BB71F6CB2B0B453E94F828CDEF3248FE0FD", "1A8A5E6AC75FF4A1A546DD1431D4E3A224B13E96434DBC2C5C874D7E73D90553", "3A0EC58D68A9FF044EFDD59A19016C7F96E811E1FC47D2E23F42FDF074B43F35", "6549F7FB91216E6B5325DB660AF73FDF2D181F5FC1D3D96D412B600D6C349A96", "AD465589B25492A16DED0ECFF4281F9C4931011A8158300CCCED826D8CC716A6", "F847189F837954832A5D4C79716968441854E0CF05BFA8740F540844BB54683A", "FD5481A8FAEA26370800B3C24D5356F2495D324636876B8458455F763A9A8B1E"]}, {"type": "ics", "idList": ["ICSA-22-069-09"]}, {"type": "kaspersky", "idList": ["KLA12006", "KLA12007", "KLA12017"]}, {"type": "kitploit", "idList": ["KITPLOIT:3974184594574360239"]}, {"type": "lenovo", "idList": ["LENOVO:PS500393-INTEL-GRAPHICS-DRIVERS-ADVISORY-NOSID"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:6942FE07F44A0622B6AB06B075B5E435"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2019-25013/", "MSF:ILITIES/FREEBSD-CVE-2020-28362/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-8648/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2019-14866/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-8648/", "MSF:ILITIES/ORACLE_LINUX-CVE-2020-28362/", "MSF:ILITIES/ORACLE_LINUX-CVE-2021-3543/", "MSF:ILITIES/REDHAT-OPENSHIFT-CVE-2021-21639/", "MSF:ILITIES/REDHAT_LINUX-CVE-2021-25215/", "MSF:ILITIES/UBUNTU-CVE-2021-3543/"]}, {"type": "mscve", "idList": ["MS:CVE-2020-8927"]}, {"type": "nessus", "idList": ["AIX_IJ26985.NASL", "AIX_IJ26986.NASL", "AL2_ALAS-2021-1578.NASL", "AL2_ALAS-2021-1599.NASL", "AL2_ALAS-2021-1600.NASL", "AL2_ALAS-2021-1601.NASL", "AL2_ALAS-2021-1605.NASL", "AL2_ALAS-2021-1609.NASL", "AL2_ALAS-2021-1610.NASL", "AL2_ALAS-2021-1611.NASL", "AL2_ALAS-2021-1615.NASL", "AL2_ALAS-2021-1635.NASL", "AL2_ALAS-2021-1638.NASL", "AL2_ALAS-2021-1640.NASL", "AL2_ALAS-2021-1655.NASL", "AL2_ALAS-2021-1656.NASL", "AL2_ALAS-2021-1664.NASL", "AL2_ALAS-2021-1668.NASL", "ALA_ALAS-2020-1360.NASL", "ALA_ALAS-2020-1444.NASL", "ALA_ALAS-2020-1454.NASL", "ALA_ALAS-2020-1471.NASL", "ALA_ALAS-2021-1471.NASL", "ALA_ALAS-2021-1480.NASL", "ALA_ALAS-2021-1484.NASL", "ALA_ALAS-2021-1500.NASL", "ALA_ALAS-2021-1504.NASL", "ALA_ALAS-2021-1508.NASL", "ALA_ALAS-2021-1511.NASL", "ALA_ALAS-2021-1518.NASL", "CENTOS8_RHSA-2020-4431.NASL", "CENTOS8_RHSA-2020-5493.NASL", "CENTOS8_RHSA-2021-1093.NASL", "CENTOS8_RHSA-2021-1578.NASL", "CENTOS8_RHSA-2021-1581.NASL", "CENTOS8_RHSA-2021-1582.NASL", "CENTOS8_RHSA-2021-1585.NASL", "CENTOS8_RHSA-2021-1593.NASL", "CENTOS8_RHSA-2021-1597.NASL", "CENTOS8_RHSA-2021-1609.NASL", "CENTOS8_RHSA-2021-1610.NASL", "CENTOS8_RHSA-2021-1611.NASL", "CENTOS8_RHSA-2021-1620.NASL", "CENTOS8_RHSA-2021-1627.NASL", "CENTOS8_RHSA-2021-1631.NASL", "CENTOS8_RHSA-2021-1633.NASL", "CENTOS8_RHSA-2021-1675.NASL", "CENTOS8_RHSA-2021-1678.NASL", "CENTOS8_RHSA-2021-1702.NASL", "CENTOS8_RHSA-2021-1746.NASL", "CENTOS8_RHSA-2021-1761.NASL", "CENTOS8_RHSA-2021-1853.NASL", "CENTOS8_RHSA-2021-1879.NASL", "CENTOS8_RHSA-2021-1968.NASL", "CENTOS8_RHSA-2021-3572.NASL", "CENTOS_RHSA-2021-1469.NASL", "DEBIAN_DLA-2221.NASL", "DEBIAN_DLA-2456.NASL", "DEBIAN_DLA-2476.NASL", "DEBIAN_DLA-2500.NASL", "DEBIAN_DLA-2513.NASL", "DEBIAN_DLA-2556.NASL", "DEBIAN_DLA-2557.NASL", "DEBIAN_DLA-2569.NASL", "DEBIAN_DLA-2576.NASL", "DEBIAN_DLA-2586.NASL", "DEBIAN_DLA-2591.NASL", "DEBIAN_DLA-2592.NASL", "DEBIAN_DLA-2610.NASL", "DEBIAN_DLA-2619.NASL", "DEBIAN_DLA-2628.NASL", "DEBIAN_DLA-2647.NASL", "DEBIAN_DSA-4360.NASL", "DEBIAN_DSA-4782.NASL", "DEBIAN_DSA-4795.NASL", "DEBIAN_DSA-4801.NASL", "DEBIAN_DSA-4822.NASL", "DEBIAN_DSA-4848.NASL", "DEBIAN_DSA-4881.NASL", "DEBIAN_DSA-4909.NASL", "EULEROS_SA-2020-1522.NASL", "EULEROS_SA-2020-1536.NASL", "EULEROS_SA-2020-1674.NASL", "EULEROS_SA-2020-2163.NASL", "EULEROS_SA-2020-2168.NASL", "EULEROS_SA-2020-2172.NASL", "EULEROS_SA-2020-2173.NASL", "EULEROS_SA-2020-2178.NASL", "EULEROS_SA-2020-2182.NASL", "EULEROS_SA-2020-2317.NASL", "EULEROS_SA-2020-2318.NASL", "EULEROS_SA-2020-2337.NASL", "EULEROS_SA-2020-2366.NASL", "EULEROS_SA-2020-2380.NASL", "EULEROS_SA-2020-2388.NASL", "EULEROS_SA-2020-2398.NASL", "EULEROS_SA-2020-2402.NASL", "EULEROS_SA-2020-2419.NASL", "EULEROS_SA-2020-2437.NASL", "EULEROS_SA-2020-2478.NASL", "EULEROS_SA-2020-2487.NASL", "EULEROS_SA-2020-2489.NASL", "EULEROS_SA-2020-2500.NASL", "EULEROS_SA-2020-2502.NASL", "EULEROS_SA-2020-2508.NASL", "EULEROS_SA-2020-2527.NASL", "EULEROS_SA-2020-2528.NASL", "EULEROS_SA-2020-2572.NASL", "EULEROS_SA-2021-1003.NASL", "EULEROS_SA-2021-1010.NASL", "EULEROS_SA-2021-1013.NASL", "EULEROS_SA-2021-1015.NASL", "EULEROS_SA-2021-1018.NASL", "EULEROS_SA-2021-1022.NASL", "EULEROS_SA-2021-1029.NASL", "EULEROS_SA-2021-1032.NASL", "EULEROS_SA-2021-1034.NASL", "EULEROS_SA-2021-1037.NASL", "EULEROS_SA-2021-1047.NASL", "EULEROS_SA-2021-1051.NASL", "EULEROS_SA-2021-1063.NASL", "EULEROS_SA-2021-1080.NASL", "EULEROS_SA-2021-1093.NASL", "EULEROS_SA-2021-1102.NASL", "EULEROS_SA-2021-1103.NASL", "EULEROS_SA-2021-1105.NASL", "EULEROS_SA-2021-1114.NASL", "EULEROS_SA-2021-1137.NASL", "EULEROS_SA-2021-1142.NASL", "EULEROS_SA-2021-1149.NASL", "EULEROS_SA-2021-1150.NASL", "EULEROS_SA-2021-1157.NASL", "EULEROS_SA-2021-1161.NASL", "EULEROS_SA-2021-1174.NASL", "EULEROS_SA-2021-1176.NASL", "EULEROS_SA-2021-1287.NASL", "EULEROS_SA-2021-1299.NASL", "EULEROS_SA-2021-1312.NASL", "EULEROS_SA-2021-1333.NASL", "EULEROS_SA-2021-1337.NASL", "EULEROS_SA-2021-1340.NASL", "EULEROS_SA-2021-1350.NASL", "EULEROS_SA-2021-1382.NASL", "EULEROS_SA-2021-1386.NASL", "EULEROS_SA-2021-1394.NASL", "EULEROS_SA-2021-1397.NASL", "EULEROS_SA-2021-1399.NASL", "EULEROS_SA-2021-1401.NASL", "EULEROS_SA-2021-1403.NASL", "EULEROS_SA-2021-1410.NASL", "EULEROS_SA-2021-1412.NASL", "EULEROS_SA-2021-1414.NASL", "EULEROS_SA-2021-1415.NASL", "EULEROS_SA-2021-1416.NASL", "EULEROS_SA-2021-1417.NASL", "EULEROS_SA-2021-1419.NASL", "EULEROS_SA-2021-1425.NASL", "EULEROS_SA-2021-1426.NASL", "EULEROS_SA-2021-1449.NASL", "EULEROS_SA-2021-1466.NASL", "EULEROS_SA-2021-1477.NASL", "EULEROS_SA-2021-1487.NASL", "EULEROS_SA-2021-1495.NASL", "EULEROS_SA-2021-1502.NASL", "EULEROS_SA-2021-1503.NASL", "EULEROS_SA-2021-1507.NASL", "EULEROS_SA-2021-1512.NASL", "EULEROS_SA-2021-1522.NASL", "EULEROS_SA-2021-1523.NASL", "EULEROS_SA-2021-1534.NASL", "EULEROS_SA-2021-1537.NASL", "EULEROS_SA-2021-1543.NASL", "EULEROS_SA-2021-1544.NASL", "EULEROS_SA-2021-1548.NASL", "EULEROS_SA-2021-1553.NASL", "EULEROS_SA-2021-1555.NASL", "EULEROS_SA-2021-1560.NASL", "EULEROS_SA-2021-1562.NASL", "EULEROS_SA-2021-1563.NASL", "EULEROS_SA-2021-1568.NASL", "EULEROS_SA-2021-1574.NASL", "EULEROS_SA-2021-1578.NASL", "EULEROS_SA-2021-1579.NASL", "EULEROS_SA-2021-1596.NASL", "EULEROS_SA-2021-1605.NASL", "EULEROS_SA-2021-1610.NASL", "EULEROS_SA-2021-1615.NASL", "EULEROS_SA-2021-1618.NASL", "EULEROS_SA-2021-1620.NASL", "EULEROS_SA-2021-1621.NASL", "EULEROS_SA-2021-1623.NASL", "EULEROS_SA-2021-1626.NASL", "EULEROS_SA-2021-1628.NASL", "EULEROS_SA-2021-1629.NASL", "EULEROS_SA-2021-1634.NASL", "EULEROS_SA-2021-1636.NASL", "EULEROS_SA-2021-1638.NASL", "EULEROS_SA-2021-1640.NASL", "EULEROS_SA-2021-1641.NASL", "EULEROS_SA-2021-1645.NASL", "EULEROS_SA-2021-1649.NASL", "EULEROS_SA-2021-1659.NASL", "EULEROS_SA-2021-1661.NASL", "EULEROS_SA-2021-1665.NASL", "EULEROS_SA-2021-1672.NASL", "EULEROS_SA-2021-1676.NASL", "EULEROS_SA-2021-1685.NASL", "EULEROS_SA-2021-1693.NASL", "EULEROS_SA-2021-1697.NASL", "EULEROS_SA-2021-1709.NASL", "EULEROS_SA-2021-1711.NASL", "EULEROS_SA-2021-1712.NASL", "EULEROS_SA-2021-1713.NASL", "EULEROS_SA-2021-1715.NASL", "EULEROS_SA-2021-1722.NASL", "EULEROS_SA-2021-1724.NASL", "EULEROS_SA-2021-1737.NASL", "EULEROS_SA-2021-1738.NASL", "EULEROS_SA-2021-1747.NASL", "EULEROS_SA-2021-1750.NASL", "EULEROS_SA-2021-1751.NASL", "EULEROS_SA-2021-1759.NASL", "EULEROS_SA-2021-1835.NASL", "EULEROS_SA-2021-1857.NASL", "EULEROS_SA-2021-1868.NASL", "EULEROS_SA-2021-1871.NASL", "EULEROS_SA-2021-1872.NASL", "EULEROS_SA-2021-1874.NASL", "EULEROS_SA-2021-1879.NASL", "EULEROS_SA-2021-1886.NASL", "EULEROS_SA-2021-1898.NASL", "EULEROS_SA-2021-1899.NASL", "EULEROS_SA-2021-1901.NASL", "EULEROS_SA-2021-1911.NASL", "EULEROS_SA-2021-2136.NASL", "EULEROS_SA-2021-2141.NASL", "EULEROS_SA-2021-2150.NASL", "EULEROS_SA-2021-2152.NASL", "EULEROS_SA-2021-2155.NASL", "EULEROS_SA-2021-2159.NASL", "EULEROS_SA-2021-2169.NASL", "EULEROS_SA-2021-2171.NASL", "EULEROS_SA-2021-2172.NASL", "EULEROS_SA-2021-2175.NASL", "EULEROS_SA-2021-2180.NASL", "EULEROS_SA-2021-2194.NASL", "EULEROS_SA-2021-2210.NASL", "EULEROS_SA-2021-2216.NASL", "EULEROS_SA-2021-2485.NASL", "EULEROS_SA-2021-2502.NASL", "EULEROS_SA-2021-2541.NASL", "EULEROS_SA-2021-2565.NASL", "F5_BIGIP_SOL40508224.NASL", "FEDORA_2020-0477F8840E.NASL", "FEDORA_2020-0DF38B2843.NASL", "FEDORA_2020-221823EBDD.NASL", "FEDORA_2020-22D278923A.NASL", "FEDORA_2020-27B577AB23.NASL", "FEDORA_2020-35087800BE.NASL", "FEDORA_2020-4021BF2AE8.NASL", "FEDORA_2020-62D2FF9FA8.NASL", "FEDORA_2020-7773C53BC8.NASL", "FEDORA_2020-7AB62C73BC.NASL", "FEDORA_2020-7DD29DACAD.NASL", "FEDORA_2020-864922E78A.NASL", "FEDORA_2020-887D3FA26F.NASL", "FEDORA_2020-9336B65F82.NASL", "FEDORA_2020-935F62C3D9.NASL", "FEDORA_2020-B60DBDD538.NASL", "FEDORA_2020-B6AAF25741.NASL", "FEDORA_2020-BC9A739F0C.NASL", "FEDORA_2020-CEAF490686.NASL", "FEDORA_2020-D30881C970.NASL", "FEDORA_2020-D42CB01973.NASL", "FEDORA_2020-E971480183.NASL", "FEDORA_2020-FF317550E4.NASL", "FEDORA_2021-076A2DCCBA.NASL", "FEDORA_2021-17668E344A.NASL", "FEDORA_2021-1BB399A5AF.NASL", "FEDORA_2021-2897F5366C.NASL", "FEDORA_2021-309BC2E727.NASL", "FEDORA_2021-3352C1C802.NASL", "FEDORA_2021-66547FF92D.NASL", "FEDORA_2021-6E581C051A.NASL", "FEDORA_2021-6FEB090C97.NASL", "FEDORA_2021-7547AD987F.NASL", "FEDORA_2021-7C1BB32D13.NASL", "FEDORA_2021-7C71CDA8DA.NASL", "FEDORA_2021-7D3A9004E2.NASL", "FEDORA_2021-851C6E4E2D.NASL", "FEDORA_2021-907F3BACAE.NASL", "FEDORA_2021-9503FFFAD9.NASL", "FEDORA_2021-B1843407CA.NASL", "FEDORA_2021-B326FCB83F.NASL", "FEDORA_2021-B76EDE8F4D.NASL", "FEDORA_2021-CC3FF94CFC.NASL", "FEDORA_2021-D5CDE50865.NASL", "FEDORA_2021-E3A5A74610.NASL", "FEDORA_2021-E435A8BB88.NASL", "FEDORA_2021-E49DA8A226.NASL", "FEDORA_2021-EF83E8525A.NASL", "FEDORA_2021-F4FD9372C7.NASL", "FEDORA_2021-FAF88B9499.NASL", "FREEBSD_PKG_0E38B8F875DD11EB83F28C164567CA3C.NASL", "FREEBSD_PKG_388EBB5B3C9511EB929DD4C9EF517024.NASL", "FREEBSD_PKG_3C77F1393A0911EB929DD4C9EF517024.NASL", "FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL", "FREEBSD_PKG_6A4805D55AAF11EBA21D79F5BC5EF6A9.NASL", "FREEBSD_PKG_E358B470B37D4E47BC8A2CD9ADBEB63C.NASL", "FREEBSD_PKG_F5ABAFC0FCF611EA8758E0D55E2A8BF9.NASL", "FREEBSD_PKG_FDC499723CA711EB929DD4C9EF517024.NASL", "GENTOO_GLSA-202006-03.NASL", "GENTOO_GLSA-202011-17.NASL", "GENTOO_GLSA-202012-14.NASL", "GENTOO_GLSA-202012-21.NASL", "GENTOO_GLSA-202101-18.NASL", "GENTOO_GLSA-202101-20.NASL", "GENTOO_GLSA-202101-38.NASL", "GENTOO_GLSA-202103-02.NASL", "GENTOO_GLSA-202104-04.NASL", "JUNIPER_JSA11207.NASL", "MACOS_HT211931.NASL", "MACOS_HT212325.NASL", "MACOS_HT212326.NASL", "MACOS_HT212327.NASL", "NEWSTART_CGSL_NS-SA-2021-0043_CPIO.NASL", "NEWSTART_CGSL_NS-SA-2021-0078_KERNEL.NASL", "OPENSUSE-2018-1365.NASL", "OPENSUSE-2018-1366.NASL", "OPENSUSE-2020-1430.NASL", "OPENSUSE-2020-1465.NASL", "OPENSUSE-2020-1494.NASL", "OPENSUSE-2020-1578.NASL", "OPENSUSE-2020-1918.NASL", "OPENSUSE-2020-1920.NASL", "OPENSUSE-2020-1988.NASL", "OPENSUSE-2020-2037.NASL", "OPENSUSE-2020-2047.NASL", "OPENSUSE-2020-2062.NASL", "OPENSUSE-2020-2067.NASL", "OPENSUSE-2020-2139.NASL", "OPENSUSE-2020-2222.NASL", "OPENSUSE-2020-2237.NASL", "OPENSUSE-2020-2238.NASL", "OPENSUSE-2020-2249.NASL", "OPENSUSE-2020-2282.NASL", "OPENSUSE-2020-2332.NASL", "OPENSUSE-2020-2333.NASL", "OPENSUSE-2021-1611.NASL", "OPENSUSE-2021-1826.NASL", "OPENSUSE-2021-1977.NASL", "OPENSUSE-2021-2005.NASL", "OPENSUSE-2021-241.NASL", "OPENSUSE-2021-270.NASL", "OPENSUSE-2021-331.NASL", "OPENSUSE-2021-358.NASL", "OPENSUSE-2021-393.NASL", "OPENSUSE-2021-406.NASL", "OPENSUSE-2021-407.NASL", "OPENSUSE-2021-4154.NASL", "OPENSUSE-2021-435.NASL", "OPENSUSE-2021-532.NASL", "OPENSUSE-2021-668.NASL", "OPENSUSE-2021-682.NASL", "OPENSUSE-2021-758.NASL", "ORACLELINUX_ELSA-2020-3908.NASL", "ORACLELINUX_ELSA-2020-5493.NASL", "ORACLELINUX_ELSA-2020-5670.NASL", "ORACLELINUX_ELSA-2020-5676.NASL", "ORACLELINUX_ELSA-2021-1093.NASL", "ORACLELINUX_ELSA-2021-1384.NASL", "ORACLELINUX_ELSA-2021-1389.NASL", "ORACLELINUX_ELSA-2021-1469.NASL", "ORACLELINUX_ELSA-2021-1578.NASL", "ORACLELINUX_ELSA-2021-1581.NASL", "ORACLELINUX_ELSA-2021-1582.NASL", "ORACLELINUX_ELSA-2021-1585.NASL", "ORACLELINUX_ELSA-2021-1593.NASL", "ORACLELINUX_ELSA-2021-1597.NASL", "ORACLELINUX_ELSA-2021-1609.NASL", "ORACLELINUX_ELSA-2021-1610.NASL", "ORACLELINUX_ELSA-2021-1611.NASL", "ORACLELINUX_ELSA-2021-1627.NASL", "ORACLELINUX_ELSA-2021-1631.NASL", "ORACLELINUX_ELSA-2021-1633.NASL", "ORACLELINUX_ELSA-2021-1675.NASL", "ORACLELINUX_ELSA-2021-1678.NASL", "ORACLELINUX_ELSA-2021-1702.NASL", "ORACLELINUX_ELSA-2021-1746.NASL", "ORACLELINUX_ELSA-2021-1853.NASL", "ORACLELINUX_ELSA-2021-1989.NASL", "ORACLELINUX_ELSA-2021-2147.NASL", "ORACLELINUX_ELSA-2021-2168.NASL", "ORACLELINUX_ELSA-2021-2170.NASL", "ORACLELINUX_ELSA-2021-3572.NASL", "ORACLELINUX_ELSA-2021-4151.NASL", "ORACLELINUX_ELSA-2021-4162.NASL", "ORACLELINUX_ELSA-2021-9084.NASL", "ORACLELINUX_ELSA-2021-9085.NASL", "ORACLELINUX_ELSA-2021-9086.NASL", "ORACLELINUX_ELSA-2021-9087.NASL", "ORACLELINUX_ELSA-2021-9100.NASL", "ORACLELINUX_ELSA-2021-9101.NASL", "ORACLELINUX_ELSA-2021-9107.NASL", "ORACLELINUX_ELSA-2021-9128.NASL", "ORACLELINUX_ELSA-2021-9129.NASL", "ORACLELINUX_ELSA-2021-9130.NASL", "ORACLELINUX_ELSA-2021-9140.NASL", "ORACLELINUX_ELSA-2021-9141.NASL", "ORACLELINUX_ELSA-2021-9213.NASL", "ORACLELINUX_ELSA-2021-9238.NASL", "ORACLELINUX_ELSA-2021-9318.NASL", "ORACLEVM_OVMSA-2020-0019.NASL", "ORACLEVM_OVMSA-2021-0019.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_APR_2021.NASL", "ORACLE_RDBMS_CPU_JAN_2021.NASL", "PHOTONOS_PHSA-2020-1_0-0338_PYTHON3.NASL", "PHOTONOS_PHSA-2020-1_0-0346_CURL.NASL", "PHOTONOS_PHSA-2020-1_0-0349_OPENLDAP.NASL", "PHOTONOS_PHSA-2020-2_0-0249_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0285_LIBXML2.NASL", "PHOTONOS_PHSA-2020-2_0-0295_PYTHON3.NASL", "PHOTONOS_PHSA-2020-2_0-0304_CURL.NASL", "PHOTONOS_PHSA-2020-3_0-0101_SQLITE.NASL", "PHOTONOS_PHSA-2020-3_0-0142_LIBXML2.NASL", "PHOTONOS_PHSA-2020-3_0-0155_PYTHON3.NASL", "PHOTONOS_PHSA-2020-3_0-0174_CURL.NASL", "PHOTONOS_PHSA-2020-3_0-0180_OPENLDAP.NASL", "PHOTONOS_PHSA-2021-1_0-0354_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0360_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0362_UNBOUND.NASL", "PHOTONOS_PHSA-2021-1_0-0365_GLIB.NASL", "PHOTONOS_PHSA-2021-1_0-0371_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0390_UNBOUND.NASL", "PHOTONOS_PHSA-2021-1_0-0391_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0308_OPENLDAP.NASL", "PHOTONOS_PHSA-2021-2_0-0315_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0317_PYTHON3.NASL", "PHOTONOS_PHSA-2021-2_0-0320_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0320_UNBOUND.NASL", "PHOTONOS_PHSA-2021-2_0-0322_GLIB.NASL", "PHOTONOS_PHSA-2021-2_0-0322_LINUX.NASL", "PHOTONOS_PHSA-2021-2_0-0327_PYTHON3.NASL", "PHOTONOS_PHSA-2021-2_0-0329_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0348_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0393_PYTHON.NASL", "PHOTONOS_PHSA-2021-3_0-0189_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0192_PYTHON3.NASL", "PHOTONOS_PHSA-2021-3_0-0193_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0197_UNBOUND.NASL", "PHOTONOS_PHSA-2021-3_0-0201_GLIB.NASL", "PHOTONOS_PHSA-2021-3_0-0214_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0236_UNBOUND.NASL", "PHOTONOS_PHSA-2021-3_0-0240_BINDUTILS.NASL", "PHOTONOS_PHSA-2021-4_0-0001_GLIB.NASL", "PHOTONOS_PHSA-2021-4_0-0005_GLIBC.NASL", "PHOTONOS_PHSA-2021-4_0-0006_PERL.NASL", "PHOTONOS_PHSA-2021-4_0-0007_LINUX.NASL", "PHOTONOS_PHSA-2021-4_0-0007_MYSQL.NASL", "PHOTONOS_PHSA-2021-4_0-0007_PYTHON3.NASL", "PHOTONOS_PHSA-2021-4_0-0013_GO.NASL", "PYTHON_3_9_1.NASL", "REDHAT-RHSA-2020-4431.NASL", "REDHAT-RHSA-2020-4609.NASL", "REDHAT-RHSA-2020-5333.NASL", "REDHAT-RHSA-2020-5493.NASL", "REDHAT-RHSA-2021-0034.NASL", "REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0079.NASL", "REDHAT-RHSA-2021-0883.NASL", "REDHAT-RHSA-2021-0958.NASL", "REDHAT-RHSA-2021-1032.NASL", "REDHAT-RHSA-2021-1081.NASL", "REDHAT-RHSA-2021-1093.NASL", "REDHAT-RHSA-2021-1266.NASL", "REDHAT-RHSA-2021-1272.NASL", "REDHAT-RHSA-2021-1279.NASL", "REDHAT-RHSA-2021-1295.NASL", "REDHAT-RHSA-2021-1366.NASL", "REDHAT-RHSA-2021-1379.NASL", "REDHAT-RHSA-2021-1384.NASL", "REDHAT-RHSA-2021-1389.NASL", "REDHAT-RHSA-2021-1469.NASL", "REDHAT-RHSA-2021-1475.NASL", "REDHAT-RHSA-2021-1476.NASL", "REDHAT-RHSA-2021-1477.NASL", "REDHAT-RHSA-2021-1478.NASL", "REDHAT-RHSA-2021-1479.NASL", "REDHAT-RHSA-2021-1509.NASL", "REDHAT-RHSA-2021-1551.NASL", "REDHAT-RHSA-2021-1578.NASL", "REDHAT-RHSA-2021-1581.NASL", "REDHAT-RHSA-2021-1582.NASL", "REDHAT-RHSA-2021-1585.NASL", "REDHAT-RHSA-2021-1593.NASL", "REDHAT-RHSA-2021-1597.NASL", "REDHAT-RHSA-2021-1609.NASL", "REDHAT-RHSA-2021-1610.NASL", "REDHAT-RHSA-2021-1611.NASL", "REDHAT-RHSA-2021-1620.NASL", "REDHAT-RHSA-2021-1627.NASL", "REDHAT-RHSA-2021-1631.NASL", "REDHAT-RHSA-2021-1633.NASL", "REDHAT-RHSA-2021-1675.NASL", "REDHAT-RHSA-2021-1678.NASL", "REDHAT-RHSA-2021-1702.NASL", "REDHAT-RHSA-2021-1739.NASL", "REDHAT-RHSA-2021-1746.NASL", "REDHAT-RHSA-2021-1761.NASL", "REDHAT-RHSA-2021-1853.NASL", "REDHAT-RHSA-2021-1879.NASL", "REDHAT-RHSA-2021-1968.NASL", "REDHAT-RHSA-2021-1989.NASL", "REDHAT-RHSA-2021-2024.NASL", "REDHAT-RHSA-2021-2028.NASL", "REDHAT-RHSA-2021-2099.NASL", "REDHAT-RHSA-2021-2106.NASL", "REDHAT-RHSA-2021-2147.NASL", "REDHAT-RHSA-2021-2164.NASL", "REDHAT-RHSA-2021-2171.NASL", "REDHAT-RHSA-2021-2174.NASL", "REDHAT-RHSA-2021-2185.NASL", "REDHAT-RHSA-2021-2190.NASL", "REDHAT-RHSA-2021-2472.NASL", "REDHAT-RHSA-2021-2519.NASL", "REDHAT-RHSA-2021-2522.NASL", "REDHAT-RHSA-2021-2523.NASL", "REDHAT-RHSA-2021-3572.NASL", "REDHAT_UPDATE_LEVEL.NASL", "SLACKWARE_SSA_2020-344-01.NASL", "SLACKWARE_SSA_2020-347-01.NASL", "SLACKWARE_SSA_2021-118-01.NASL", "SUSE_SU-2018-3571-1.NASL", "SUSE_SU-2018-3640-1.NASL", "SUSE_SU-2020-1255-1.NASL", "SUSE_SU-2020-1275-1.NASL", "SUSE_SU-2020-2609-1.NASL", "SUSE_SU-2020-2612-1.NASL", "SUSE_SU-2020-3115-1.NASL", "SUSE_SU-2020-3121-1.NASL", "SUSE_SU-2020-3262-1.NASL", "SUSE_SU-2020-3313-1.NASL", "SUSE_SU-2020-3314-1.NASL", "SUSE_SU-2020-3315-1.NASL", "SUSE_SU-2020-3368-1.NASL", "SUSE_SU-2020-3369-1.NASL", "SUSE_SU-2020-3375-1.NASL", "SUSE_SU-2020-3377-1.NASL", "SUSE_SU-2020-3379-1.NASL", "SUSE_SU-2020-3563-1.NASL", "SUSE_SU-2020-3733-1.NASL", "SUSE_SU-2020-3735-1.NASL", "SUSE_SU-2020-3739-1.NASL", "SUSE_SU-2020-3865-1.NASL", "SUSE_SU-2020-3930-1.NASL", "SUSE_SU-2021-0222-1.NASL", "SUSE_SU-2021-0223-1.NASL", "SUSE_SU-2021-0348-1.NASL", "SUSE_SU-2021-0353-1.NASL", "SUSE_SU-2021-0354-1.NASL", "SUSE_SU-2021-0355-1.NASL", "SUSE_SU-2021-0427-1.NASL", "SUSE_SU-2021-0428-1.NASL", "SUSE_SU-2021-0432-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL", "SUSE_SU-2021-0529-1.NASL", "SUSE_SU-2021-0532-1.NASL", "SUSE_SU-2021-0608-1.NASL", "SUSE_SU-2021-0653-1.NASL", "SUSE_SU-2021-0735-1.NASL", "SUSE_SU-2021-0741-1.NASL", "SUSE_SU-2021-0768-1.NASL", "SUSE_SU-2021-0778-1.NASL", "SUSE_SU-2021-0794-1.NASL", "SUSE_SU-2021-0801-1.NASL", "SUSE_SU-2021-0870-1.NASL", "SUSE_SU-2021-0886-1.NASL", "SUSE_SU-2021-0887-1.NASL", "SUSE_SU-2021-0890-1.NASL", "SUSE_SU-2021-0947-1.NASL", "SUSE_SU-2021-1165-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL", "SUSE_SU-2021-1211-1.NASL", "SUSE_SU-2021-1238-1.NASL", "SUSE_SU-2021-1468-1.NASL", "SUSE_SU-2021-1469-1.NASL", "SUSE_SU-2021-1471-1.NASL", "SUSE_SU-2021-1621-1.NASL", "SUSE_SU-2021-1624-1.NASL", "SUSE_SU-2021-1652-1.NASL", "SUSE_SU-2021-1786-1.NASL", "SUSE_SU-2021-1975-1.NASL", "SUSE_SU-2021-1977-1.NASL", "SUSE_SU-2021-2005-1.NASL", "SUSE_SU-2021-4154-1.NASL", "SUSE_SU-2022-0301-1.NASL", "UBUNTU_USN-3859-1.NASL", "UBUNTU_USN-4342-1.NASL", "UBUNTU_USN-4344-1.NASL", "UBUNTU_USN-4345-1.NASL", "UBUNTU_USN-4346-1.NASL", "UBUNTU_USN-4568-1.NASL", "UBUNTU_USN-4570-1.NASL", "UBUNTU_USN-4602-1.NASL", "UBUNTU_USN-4635-1.NASL", "UBUNTU_USN-4665-1.NASL", "UBUNTU_USN-4677-1.NASL", "UBUNTU_USN-4742-1.NASL", "UBUNTU_USN-4754-1.NASL", "UBUNTU_USN-4754-3.NASL", "UBUNTU_USN-4754-4.NASL", "UBUNTU_USN-4759-1.NASL", "UBUNTU_USN-4878-1.NASL", "UBUNTU_USN-4884-1.NASL", "UBUNTU_USN-4887-1.NASL", "UBUNTU_USN-4890-1.NASL", "UBUNTU_USN-4907-1.NASL", "UBUNTU_USN-4910-1.NASL", "UBUNTU_USN-4929-1.NASL", "UBUNTU_USN-4991-1.NASL", "UBUNTU_USN-4997-1.NASL", "UBUNTU_USN-5001-1.NASL", "UBUNTU_USN-5310-1.NASL", "VIRTUOZZO_VZA-2020-037.NASL"]}, {"type": "nodejs", "idList": ["NODEJS:1658"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704360", "OPENVAS:1361412562310704428", "OPENVAS:1361412562310843871", "OPENVAS:1361412562310843968", "OPENVAS:1361412562310844406", "OPENVAS:1361412562310844409", "OPENVAS:1361412562310844410", "OPENVAS:1361412562310844411", "OPENVAS:1361412562310852113", "OPENVAS:1361412562310852119", "OPENVAS:1361412562310875610", "OPENVAS:1361412562310877942", "OPENVAS:1361412562310877945", "OPENVAS:1361412562310891762", "OPENVAS:1361412562310892221", "OPENVAS:1361412562311220201522", "OPENVAS:1361412562311220201536"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3908", "ELSA-2020-4431", "ELSA-2020-5493", "ELSA-2021-1093", "ELSA-2021-1384", "ELSA-2021-1389", "ELSA-2021-1469", "ELSA-2021-1578", "ELSA-2021-1581", "ELSA-2021-1582", "ELSA-2021-1593", "ELSA-2021-1597", "ELSA-2021-1609", "ELSA-2021-1610", "ELSA-2021-1611", "ELSA-2021-1627", "ELSA-2021-1631", "ELSA-2021-1633", "ELSA-2021-1675", "ELSA-2021-1678", "ELSA-2021-1702", "ELSA-2021-1746", "ELSA-2021-1761", "ELSA-2021-1853", "ELSA-2021-1989", "ELSA-2021-2147", "ELSA-2021-2168", "ELSA-2021-2170", "ELSA-2021-3572", "ELSA-2021-4151", "ELSA-2021-4162", "ELSA-2021-9084", "ELSA-2021-9085", "ELSA-2021-9086", "ELSA-2021-9087", "ELSA-2021-9100", "ELSA-2021-9101", "ELSA-2021-9107", "ELSA-2021-9128", "ELSA-2021-9129", "ELSA-2021-9130", "ELSA-2021-9140", "ELSA-2021-9141", "ELSA-2021-9213", "ELSA-2021-9238", "ELSA-2021-9318"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152610"]}, {"type": "paloalto", "idList": ["PA-CVE-2020-27619"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0215", "PHSA-2019-1.0-0228", "PHSA-2019-2.0-0140", "PHSA-2019-2.0-0153", "PHSA-2019-3.0-0005", "PHSA-2019-3.0-0012", "PHSA-2020-1.0-0267", "PHSA-2020-1.0-0287", "PHSA-2020-1.0-0298", "PHSA-2020-1.0-0301", "PHSA-2020-1.0-0302", "PHSA-2020-1.0-0308", "PHSA-2020-1.0-0315", "PHSA-2020-1.0-0325", "PHSA-2020-1.0-0332", "PHSA-2020-1.0-0338", "PHSA-2020-1.0-0346", "PHSA-2020-1.0-0349", "PHSA-2020-2.0-0202", "PHSA-2020-2.0-0249", "PHSA-2020-2.0-0252", "PHSA-2020-2.0-0254", "PHSA-2020-2.0-0261", "PHSA-2020-2.0-0273", "PHSA-2020-2.0-0277", "PHSA-2020-2.0-0285", "PHSA-2020-2.0-0289", "PHSA-2020-2.0-0295", "PHSA-2020-2.0-0304", "PHSA-2020-3.0-0053", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0103", "PHSA-2020-3.0-0104", "PHSA-2020-3.0-0113", "PHSA-2020-3.0-0129", "PHSA-2020-3.0-0131", "PHSA-2020-3.0-0142", "PHSA-2020-3.0-0155", "PHSA-2020-3.0-0161", "PHSA-2020-3.0-0174", "PHSA-2020-3.0-0180", "PHSA-2021-0308", "PHSA-2021-0320", "PHSA-2021-0322", "PHSA-2021-0327", "PHSA-2021-1.0-0354", "PHSA-2021-1.0-0360", "PHSA-2021-1.0-0362", "PHSA-2021-1.0-0365", "PHSA-2021-1.0-0371", "PHSA-2021-1.0-0390", "PHSA-2021-1.0-0391", "PHSA-2021-2.0-0308", "PHSA-2021-2.0-0315", "PHSA-2021-2.0-0317", "PHSA-2021-2.0-0320", "PHSA-2021-2.0-0322", "PHSA-2021-2.0-0323", "PHSA-2021-2.0-0327", "PHSA-2021-2.0-0329", "PHSA-2021-2.0-0348", "PHSA-2021-2.0-0393", "PHSA-2021-3.0-0189", "PHSA-2021-3.0-0192", "PHSA-2021-3.0-0193", "PHSA-2021-3.0-0194", "PHSA-2021-3.0-0197", "PHSA-2021-3.0-0201", "PHSA-2021-3.0-0204", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0214", "PHSA-2021-3.0-0236", "PHSA-2021-3.0-0240", "PHSA-2021-3.0-0246", "PHSA-2021-3.0-0248", "PHSA-2021-4.0-0001", "PHSA-2021-4.0-0005", "PHSA-2021-4.0-0006", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0013", "PHSA-2021-4.0-0039"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:C62665D003B287EB5E4FC604B7578606"]}, {"type": "redhat", "idList": ["RHSA-2021:0172", "RHSA-2021:1582", "RHSA-2021:1609", "RHSA-2021:1620", "RHSA-2021:1627", "RHSA-2021:2021", "RHSA-2021:2165", "RHSA-2021:2174", "RHSA-2021:2532", "RHSA-2021:2792", "RHSA-2021:3748"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-12362", "RH:CVE-2020-12363", "RH:CVE-2020-12364", "RH:CVE-2020-25648", "RH:CVE-2020-25692", "RH:CVE-2020-27170", "RH:CVE-2020-27619", "RH:CVE-2020-28196", "RH:CVE-2020-28362", "RH:CVE-2020-29361", "RH:CVE-2020-29362", "RH:CVE-2020-29363", "RH:CVE-2020-8284", "RH:CVE-2020-8285", "RH:CVE-2020-8286", "RH:CVE-2021-21309", "RH:CVE-2021-21639", "RH:CVE-2021-21640", "RH:CVE-2021-23336", "RH:CVE-2021-25215", "RH:CVE-2021-27219", "RH:CVE-2021-28092", "RH:CVE-2021-28163", "RH:CVE-2021-28165", "RH:CVE-2021-28918", "RH:CVE-2021-29418", "RH:CVE-2021-3114", "RH:CVE-2021-3177", "RH:CVE-2021-3326", "RH:CVE-2021-3347", "RH:CVE-2021-3501", "RH:CVE-2021-3543"]}, {"type": "rocky", "idList": ["RLSA-2021:1989", "RLSA-2021:2168", "RLSA-2021:2170", "RLSA-2021:3572"]}, {"type": "rustsec", "idList": ["RUSTSEC-2021-0131", "RUSTSEC-2021-0132"]}, {"type": "slackware", "idList": ["SSA-2020-086-01", "SSA-2020-232-01", "SSA-2020-344-01", "SSA-2020-347-01", "SSA-2021-118-01"]}, {"type": "sonarsource", "idList": ["SONARSOURCE:975650E98377379A199A2570C63A856D"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3690-1", "OPENSUSE-SU-2018:3717-1", "OPENSUSE-SU-2020:1918-1", "OPENSUSE-SU-2020:1920-1", "OPENSUSE-SU-2020:1988-1", "OPENSUSE-SU-2020:2037-1", "OPENSUSE-SU-2020:2047-1", "OPENSUSE-SU-2020:2062-1", "OPENSUSE-SU-2020:2067-1", "OPENSUSE-SU-2020:2139-1", "OPENSUSE-SU-2020:2222-1", "OPENSUSE-SU-2020:2237-1", "OPENSUSE-SU-2020:2238-1", "OPENSUSE-SU-2020:2249-1", "OPENSUSE-SU-2020:2282-1", "OPENSUSE-SU-2020:2332-1", "OPENSUSE-SU-2020:2333-1", "OPENSUSE-SU-2021:0190-1", "OPENSUSE-SU-2021:0192-1", "OPENSUSE-SU-2021:0194-1", "OPENSUSE-SU-2021:0241-1", "OPENSUSE-SU-2021:0270-1", "OPENSUSE-SU-2021:0331-1", "OPENSUSE-SU-2021:0358-1", "OPENSUSE-SU-2021:0393-1", "OPENSUSE-SU-2021:0406-1", "OPENSUSE-SU-2021:0407-1", "OPENSUSE-SU-2021:0435-1", "OPENSUSE-SU-2021:0532-1", "OPENSUSE-SU-2021:0668-1", "OPENSUSE-SU-2021:0682-1", "OPENSUSE-SU-2021:0758-1", "OPENSUSE-SU-2021:1058-1", "OPENSUSE-SU-2021:1611-1", "OPENSUSE-SU-2021:1826-1", "OPENSUSE-SU-2021:1975-1", "OPENSUSE-SU-2021:1977-1", "OPENSUSE-SU-2021:2005-1", "OPENSUSE-SU-2021:2320-1", "OPENSUSE-SU-2021:2817-1"]}, {"type": "thn", "idList": ["THN:BA222372B6AB74B52D2725F520DA39EA"]}, {"type": "threatpost", "idList": ["THREATPOST:3073D5AD7F3554F422710689A9436CAA", "THREATPOST:656059F49183C61351DFDB08465E451D"]}, {"type": "ubuntu", "idList": ["LSN-0066-1", "LSN-0068-1", "USN-3859-1", "USN-4342-1", "USN-4344-1", "USN-4345-1", "USN-4346-1", "USN-4394-1", "USN-4568-1", "USN-4570-1", "USN-4602-1", "USN-4635-1", "USN-4665-1", "USN-4665-2", "USN-4677-1", "USN-4677-2", "USN-4742-1", "USN-4754-1", "USN-4754-2", "USN-4754-3", "USN-4754-4", "USN-4759-1", "USN-4878-1", "USN-4884-1", "USN-4887-1", "USN-4890-1", "USN-4907-1", "USN-4910-1", "USN-4929-1", "USN-4938-1", "USN-4977-1", "USN-4991-1", "USN-4997-1", "USN-4997-2", "USN-5001-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-25032", "UB:CVE-2019-25034", "UB:CVE-2019-25035", "UB:CVE-2019-25036", "UB:CVE-2019-25037", "UB:CVE-2019-25038", "UB:CVE-2019-25039", "UB:CVE-2019-25040", "UB:CVE-2019-25041", "UB:CVE-2019-25042", "UB:CVE-2021-21639", "UB:CVE-2021-21640", "UB:CVE-2021-28163", "UB:CVE-2021-28165", "UB:CVE-2021-3501", "UB:CVE-2021-3543"]}, {"type": "virtuozzo", "idList": ["VZA-2020-036", "VZA-2020-037"]}, {"type": "zdt", "idList": ["1337DAY-ID-32581"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-10228", "epss": 0.00666, "percentile": 0.76712, "modified": "2023-05-07"}, {"cve": "CVE-2017-14502", "epss": 0.00749, "percentile": 0.7828, "modified": "2023-05-07"}, {"cve": "CVE-2019-14866", "epss": 0.00053, "percentile": 0.18667, "modified": "2023-05-07"}, {"cve": "CVE-2019-25013", "epss": 0.00211, "percentile": 0.57546, "modified": "2023-05-07"}, {"cve": "CVE-2019-25032", "epss": 0.00196, "percentile": 0.55982, "modified": "2023-05-07"}, {"cve": "CVE-2019-25034", "epss": 0.00196, "percentile": 0.55982, "modified": "2023-05-07"}, {"cve": "CVE-2019-25035", "epss": 0.00196, "percentile": 0.55982, "modified": "2023-05-07"}, {"cve": "CVE-2019-25036", "epss": 0.00092, "percentile": 0.38064, "modified": "2023-05-07"}, {"cve": "CVE-2019-25037", "epss": 0.00092, "percentile": 0.38064, "modified": "2023-05-07"}, {"cve": "CVE-2019-25038", "epss": 0.00196, "percentile": 0.55982, "modified": "2023-05-07"}, {"cve": "CVE-2019-25039", "epss": 0.00196, "percentile": 0.55982, "modified": "2023-05-07"}, {"cve": "CVE-2019-25040", "epss": 0.00092, "percentile": 0.38064, "modified": "2023-05-07"}, {"cve": "CVE-2019-25041", "epss": 0.00092, "percentile": 0.38064, "modified": "2023-05-07"}, {"cve": "CVE-2019-25042", "epss": 0.00196, "percentile": 0.55982, "modified": "2023-05-07"}, {"cve": "CVE-2019-2708", "epss": 0.00091, "percentile": 0.37686, "modified": "2023-05-07"}, {"cve": "CVE-2019-3842", "epss": 0.00162, "percentile": 0.51416, "modified": "2023-05-07"}, {"cve": "CVE-2019-9169", "epss": 0.0029, "percentile": 0.64367, "modified": "2023-05-07"}, {"cve": "CVE-2020-10543", "epss": 0.00299, "percentile": 0.64898, "modified": "2023-05-07"}, {"cve": "CVE-2020-10878", "epss": 0.00274, "percentile": 0.63286, "modified": "2023-05-07"}, {"cve": "CVE-2020-12362", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-12363", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-12364", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-13434", "epss": 0.00063, "percentile": 0.24946, "modified": "2023-05-07"}, {"cve": "CVE-2020-13776", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2020-15358", "epss": 0.00078, "percentile": 0.32158, "modified": "2023-05-07"}, {"cve": "CVE-2020-24330", "epss": 0.00053, "percentile": 0.18792, "modified": "2023-05-07"}, {"cve": "CVE-2020-24331", "epss": 0.00053, "percentile": 0.18792, "modified": "2023-05-07"}, {"cve": "CVE-2020-24332", "epss": 0.00058, "percentile": 0.21886, "modified": "2023-05-07"}, {"cve": "CVE-2020-24977", "epss": 0.00236, "percentile": 0.60212, "modified": "2023-05-07"}, {"cve": "CVE-2020-25648", "epss": 0.00673, "percentile": 0.76857, "modified": "2023-05-07"}, {"cve": "CVE-2020-25692", "epss": 0.00089, "percentile": 0.3647, "modified": "2023-05-07"}, {"cve": "CVE-2020-26116", "epss": 0.00214, "percentile": 0.57905, "modified": "2023-05-07"}, {"cve": "CVE-2020-26137", "epss": 0.00256, "percentile": 0.61943, "modified": "2023-05-07"}, {"cve": "CVE-2020-27170", "epss": 0.00047, "percentile": 0.14169, "modified": "2023-05-07"}, {"cve": "CVE-2020-27618", "epss": 0.00053, "percentile": 0.18761, "modified": "2023-05-07"}, {"cve": "CVE-2020-27619", "epss": 0.00457, "percentile": 0.71572, "modified": "2023-05-07"}, {"cve": "CVE-2020-28196", "epss": 0.00328, "percentile": 0.66526, "modified": "2023-05-07"}, {"cve": "CVE-2020-28362", "epss": 0.00365, "percentile": 0.68235, "modified": "2023-05-07"}, {"cve": "CVE-2020-28935", "epss": 0.00045, "percentile": 0.121, "modified": "2023-05-07"}, {"cve": "CVE-2020-29361", "epss": 0.00358, "percentile": 0.67927, "modified": "2023-05-07"}, {"cve": "CVE-2020-29362", "epss": 0.00091, "percentile": 0.37718, "modified": "2023-05-07"}, {"cve": "CVE-2020-29363", "epss": 0.00098, "percentile": 0.39399, "modified": "2023-05-07"}, {"cve": "CVE-2020-8231", "epss": 0.00197, "percentile": 0.56046, "modified": "2023-05-07"}, {"cve": "CVE-2020-8284", "epss": 0.00148, "percentile": 0.49434, "modified": "2023-05-07"}, {"cve": "CVE-2020-8285", "epss": 0.00364, "percentile": 0.68214, "modified": "2023-05-07"}, {"cve": "CVE-2020-8286", "epss": 0.0021, "percentile": 0.57468, "modified": "2023-05-07"}, {"cve": "CVE-2020-8648", "epss": 0.00076, "percentile": 0.3087, "modified": "2023-05-07"}, {"cve": "CVE-2020-8927", "epss": 0.00282, "percentile": 0.63807, "modified": "2023-05-07"}, {"cve": "CVE-2021-21309", "epss": 0.00532, "percentile": 0.73693, "modified": "2023-05-07"}, {"cve": "CVE-2021-21639", "epss": 0.00054, "percentile": 0.19882, "modified": "2023-05-07"}, {"cve": "CVE-2021-21640", "epss": 0.00054, "percentile": 0.19882, "modified": "2023-05-07"}, {"cve": "CVE-2021-23336", "epss": 0.00149, "percentile": 0.49526, "modified": "2023-05-07"}, {"cve": "CVE-2021-25215", "epss": 0.01337, "percentile": 0.84027, "modified": "2023-05-07"}, {"cve": "CVE-2021-27219", "epss": 0.00118, "percentile": 0.44379, "modified": "2023-05-07"}, {"cve": "CVE-2021-28092", "epss": 0.00172, "percentile": 0.52871, "modified": "2023-05-07"}, {"cve": "CVE-2021-28163", "epss": 0.00063, "percentile": 0.25406, "modified": "2023-05-07"}, {"cve": "CVE-2021-28165", "epss": 0.96587, "percentile": 0.99359, "modified": "2023-05-07"}, {"cve": "CVE-2021-28918", "epss": 0.02374, "percentile": 0.88217, "modified": "2023-05-07"}, {"cve": "CVE-2021-3114", "epss": 0.00244, "percentile": 0.60837, "modified": "2023-05-07"}, {"cve": "CVE-2021-3177", "epss": 0.00924, "percentile": 0.80648, "modified": "2023-05-07"}, {"cve": "CVE-2021-3326", "epss": 0.00389, "percentile": 0.69284, "modified": "2023-05-07"}, {"cve": "CVE-2021-3347", "epss": 0.00044, "percentile": 0.0825, "modified": "2023-05-07"}, {"cve": "CVE-2021-3501", "epss": 0.00044, "percentile": 0.10248, "modified": "2023-05-07"}, {"cve": "CVE-2021-3543", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}], "vulnersScore": -0.6}, "_state": {"dependencies": 1694493968, "score": 1694495152, "epss": 0}, "_internal": {"score_hash": "f619273e44a857641d5f548ed1ddb662"}, "affectedPackage": [], "vendorCvss": {"severity": "moderate"}}

{"redhat": [{"lastseen": "2023-09-12T04:36:23", "description": "Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-23T15:33:42", "type": "redhat", "title": "(RHSA-2021:2532) Moderate: Red Hat OpenShift Jaeger 1.17.9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-26116", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-28196", "CVE-2020-28362", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-20305", "CVE-2021-23336", "CVE-2021-27219", "CVE-2021-3114", "CVE-2021-3177", "CVE-2021-3326", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-06-23T15:34:24", "id": "RHSA-2021:2532", "href": "https://access.redhat.com/errata/RHSA-2021:2532", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. \n\nSecurity Fix(es):\n\n* unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n* unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n* unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n* unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n* unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n* unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n* unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n* unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n* unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n* unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n* unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T06:15:09", "type": "redhat", "title": "(RHSA-2021:1853) Moderate: unbound security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-05-18T11:34:55", "id": "RHSA-2021:1853", "href": "https://access.redhat.com/errata/RHSA-2021:1853", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. \n\nSecurity Fix(es):\n\n* unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n* unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n* unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n* unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n* unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n* unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n* unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n* unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n* unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n* unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n* unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T14:34:04", "type": "redhat", "title": "(RHSA-2022:0632) Moderate: unbound security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2022-02-22T14:43:51", "id": "RHSA-2022:0632", "href": "https://access.redhat.com/errata/RHSA-2022:0632", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-12T04:36:23", "description": "Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T16:31:04", "type": "redhat", "title": "(RHSA-2021:2705) Moderate: Release of OpenShift Serverless 1.16.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-27618", "CVE-2020-28196", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-27219", "CVE-2021-27918", "CVE-2021-31525", "CVE-2021-33196", "CVE-2021-3326"], "modified": "2021-07-13T16:32:07", "id": "RHSA-2021:2705", "href": "https://access.redhat.com/errata/RHSA-2021:2705", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-12T04:36:23", "description": "Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.\n\nSecurity Fix(es):\n\n* kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM (CVE-2021-25736)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes (BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-23T05:30:08", "type": "redhat", "title": "(RHSA-2021:2130) Moderate: Windows Container Support for Red Hat OpenShift 2.0.1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-27618", "CVE-2020-28196", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-20305", "CVE-2021-25736", "CVE-2021-27219", "CVE-2021-3326", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-06-23T05:30:43", "id": "RHSA-2021:2130", "href": "https://access.redhat.com/errata/RHSA-2021:2130", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-12T04:36:23", "description": "Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-24T15:15:19", "type": "redhat", "title": "(RHSA-2021:2543) Moderate: Red Hat OpenShift Jaeger 1.20.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-13776", "CVE-2020-13949", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-26116", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-28196", "CVE-2020-28362", "CVE-2020-28500", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-20305", "CVE-2021-23336", "CVE-2021-23337", "CVE-2021-27219", "CVE-2021-3114", "CVE-2021-31525", "CVE-2021-3177", "CVE-2021-3326", "CVE-2021-3449", "CVE-2021-3450"], "modified": "2021-07-20T17:07:45", "id": "RHSA-2021:2543", "href": "https://access.redhat.com/errata/RHSA-2021:2543", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1550\n\nSecurity Fix(es):\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-19T14:41:36", "type": "redhat", "title": "(RHSA-2021:1551) Moderate: OpenShift Container Platform 4.7.11 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28362", "CVE-2021-21639", "CVE-2021-21640", "CVE-2021-28163", "CVE-2021-28165", "CVE-2021-3114"], "modified": "2021-05-20T18:07:12", "id": "RHSA-2021:1551", "href": "https://access.redhat.com/errata/RHSA-2021:1551", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: Use after free via PI futex state (CVE-2021-3347)\n\n* kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n* kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n* kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n* kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)\n\n* kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-08T17:59:29", "type": "redhat", "title": "(RHSA-2021:2316) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-06-08T21:35:49", "id": "RHSA-2021:2316", "href": "https://access.redhat.com/errata/RHSA-2021:2316", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: Use after free via PI futex state (CVE-2021-3347)\n\n* kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n* kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n* kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n* kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel crash when call the timer function (sctp_generate_proto_unreach_event) of sctp module (BZ#1707184)\n\n* SCSI error handling process on HP P440ar controller gets stuck indefinitely in device reset operation (BZ#1830268)\n\n* netfilter: reproducible deadlock on nft_log module autoload (BZ#1858329)\n\n* netfilter: NULL pointer dereference in nf_tables_set_lookup() (BZ#1873171)\n\n* [DELL EMC 7.9 Bug]: No acpi_pad threads on top command for \"power cap policy equal to 0 watts\" (BZ#1883174)\n\n* A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use after free condition of the kmalloc-4096 slab cache. (BZ#1886003)\n\n* netxen driver performs poorly with RT kernel (BZ#1894274)\n\n* gendisk->disk_part_tbl->last_lookup retains pointer after partition deletion (BZ#1898596)\n\n* Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1910763)\n\n* RHEL7.9 - zfcp: fix handling of FCP_RESID_OVER bit in fcp ingress path (BZ#1917839)\n\n* RHEL7.9 - mm/THP: do not access vma->vm_mm after calling handle_userfault (BZ#1917840)\n\n* raid: wrong raid io account (BZ#1927106)\n\n* qla2x00_status_cont_entry() missing upstream patch that prevents unnecessary ABRT/warnings (BZ#1933784)\n\n* RHEL 7.9.z - System hang caused by workqueue stall in qla2xxx driver (BZ#1937945)\n\n* selinux: setsebool can trigger a deadlock (BZ#1939091)\n\n* [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V (BZ#1941841)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-08T17:59:02", "type": "redhat", "title": "(RHSA-2021:2314) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-06-08T21:35:43", "id": "RHSA-2021:2314", "href": "https://access.redhat.com/errata/RHSA-2021:2314", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-12T04:36:23", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)\n\n* glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (CVE-2019-9169)\n\n* glibc: assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)\n\n* glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228)\n\n* glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (CVE-2020-27618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T05:35:07", "type": "redhat", "title": "(RHSA-2021:1585) Moderate: glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2019-9169", "CVE-2020-27618", "CVE-2021-3326"], "modified": "2021-06-17T15:33:48", "id": "RHSA-2021:1585", "href": "https://access.redhat.com/errata/RHSA-2021:1585", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-12T04:36:23", "description": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API.\n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument `--public-addr=podIP` is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the `mds_cache_memory_limit` argument during upgrades. With this update, the `mds_cache_memory_limit` argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as rook was setting the config option `log_file` to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the `log_file` to build the dump path. With this update, rook does not set the `log_file` and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under `/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983)\n\nAll users of Red Hat OpenShift Container Storage are advised to pull these\nnew images from the Red Hat Container Registry.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-17T15:42:10", "type": "redhat", "title": "(RHSA-2021:2479) Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-13012", "CVE-2019-14866", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-13434", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-13776", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-25659", "CVE-2020-25678", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-27783", "CVE-2020-28196", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-36242", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-20305", "CVE-2021-23239", "CVE-2021-23240", "CVE-2021-23336", "CVE-2021-3139", "CVE-2021-3177", "CVE-2021-3326", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3528"], "modified": "2021-06-17T15:42:47", "id": "RHSA-2021:2479", "href": "https://access.redhat.com/errata/RHSA-2021:2479", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-12T04:36:23", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.8.0 images:\n\nRHEL-8-CNV-4.8\n==============\n\nkubevirt-template-validator-container-v4.8.0-9\nkubevirt-ssp-operator-container-v4.8.0-41\nvirt-cdi-uploadserver-container-v4.8.0-25\ncnv-must-gather-container-v4.8.0-50\nvirt-cdi-uploadproxy-container-v4.8.0-25\nvirt-cdi-cloner-container-v4.8.0-25\nvirt-cdi-apiserver-container-v4.8.0-25\nkubevirt-v2v-conversion-container-v4.8.0-10\nhostpath-provisioner-operator-container-v4.8.0-17\nhyperconverged-cluster-webhook-container-v4.8.0-62\nhyperconverged-cluster-operator-container-v4.8.0-62\nvirt-cdi-operator-container-v4.8.0-25\nvirt-cdi-importer-container-v4.8.0-25\nvirt-cdi-controller-container-v4.8.0-25\ncnv-containernetworking-plugins-container-v4.8.0-14\nkubemacpool-container-v4.8.0-22\novs-cni-plugin-container-v4.8.0-17\novs-cni-marker-container-v4.8.0-17\nbridge-marker-container-v4.8.0-17\ncluster-network-addons-operator-container-v4.8.0-28\nkubernetes-nmstate-handler-container-v4.8.0-21\nvirtio-win-container-v4.8.0-9\nkubevirt-vmware-container-v4.8.0-11\nhostpath-provisioner-container-v4.8.0-14\nnode-maintenance-operator-container-v4.8.0-19\nvirt-launcher-container-v4.8.0-67\nvm-import-virtv2v-container-v4.8.0-18\nvm-import-controller-container-v4.8.0-18\nvm-import-operator-container-v4.8.0-18\nvirt-handler-container-v4.8.0-67\nvirt-api-container-v4.8.0-67\nvirt-controller-container-v4.8.0-67\nvirt-operator-container-v4.8.0-67\nhco-bundle-registry-container-v4.8.0-451\n\nSecurity Fix(es):\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-27T12:20:29", "type": "redhat", "title": "(RHSA-2021:2920) Moderate: OpenShift Virtualization 4.8.0 Images", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-13012", "CVE-2019-14866", "CVE-2019-25013", "CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-13434", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-13776", "CVE-2020-14344", "CVE-2020-14345", "CVE-2020-14346", "CVE-2020-14347", "CVE-2020-14360", "CVE-2020-14361", "CVE-2020-14362", "CVE-2020-14363", "CVE-2020-15358", "CVE-2020-24977", "CVE-2020-25659", "CVE-2020-25712", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-26541", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-27813", "CVE-2020-28196", "CVE-2020-28935", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-29652", "CVE-2020-36242", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-20201", "CVE-2021-20271", "CVE-2021-23239", "CVE-2021-23240", "CVE-2021-23336", "CVE-2021-25215", "CVE-2021-25217", "CVE-2021-27219", "CVE-2021-28211", "CVE-2021-29482", "CVE-2021-3114", "CVE-2021-3121", "CVE-2021-3177", "CVE-2021-33034", "CVE-2021-3326", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-3560"], "modified": "2021-07-27T12:21:10", "id": "RHSA-2021:2920", "href": "https://access.redhat.com/errata/RHSA-2021:2920", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-12T04:36:23", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization <version_number> images:\n\nRHEL-8-CNV-2.6\n\nhostpath-provisioner-container-v2.6.6-3\nvm-import-controller-container-v2.6.6-5\nvm-import-virtv2v-container-v2.6.6-5\nvm-import-operator-container-v2.6.6-5\nvirt-cdi-apiserver-container-v2.6.6-4\nvirt-cdi-controller-container-v2.6.6-4\nvirt-cdi-cloner-container-v2.6.6-4\nvirt-cdi-importer-container-v2.6.6-4\nvirt-cdi-uploadserver-container-v2.6.6-4\nvirt-cdi-uploadproxy-container-v2.6.6-4\nvirt-cdi-operator-container-v2.6.6-4\novs-cni-marker-container-v2.6.6-5\nkubevirt-ssp-operator-container-v2.6.6-5\nkubemacpool-container-v2.6.6-7\nkubevirt-vmware-container-v2.6.6-4\nkubevirt-kvm-info-nfd-plugin-container-v2.6.6-4\nkubevirt-cpu-model-nfd-plugin-container-v2.6.6-4\nkubevirt-cpu-node-labeller-container-v2.6.6-4\nvirtio-win-container-v2.6.6-4\nkubevirt-template-validator-container-v2.6.6-4\ncnv-containernetworking-plugins-container-v2.6.6-4\nnode-maintenance-operator-container-v2.6.6-4\nkubevirt-v2v-conversion-container-v2.6.6-4\ncluster-network-addons-operator-container-v2.6.6-4\novs-cni-plugin-container-v2.6.6-4\nbridge-marker-container-v2.6.6-4\nkubernetes-nmstate-handler-container-v2.6.6-7\nhyperconverged-cluster-webhook-container-v2.6.6-4\ncnv-must-gather-container-v2.6.6-16\nhyperconverged-cluster-operator-container-v2.6.6-4\nvirt-launcher-container-v2.6.6-7\nhostpath-provisioner-operator-container-v2.6.6-5\nvirt-api-container-v2.6.6-7\nvirt-handler-container-v2.6.6-7\nvirt-controller-container-v2.6.6-7\nvirt-operator-container-v2.6.6-7\nhco-bundle-registry-container-v2.6.6-70\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T13:16:13", "type": "redhat", "title": "(RHSA-2021:3119) Moderate: OpenShift Virtualization 2.6.6 Images security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2019-13012", "CVE-2019-14866", "CVE-2019-25013", "CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2019-2708", "CVE-2019-9169", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-13434", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-14344", "CVE-2020-14345", "CVE-2020-14346", "CVE-2020-14347", "CVE-2020-14360", "CVE-2020-14361", "CVE-2020-14362", "CVE-2020-14363", "CVE-2020-15358", "CVE-2020-25659", "CVE-2020-25712", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-28196", "CVE-2020-28935", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-36242", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-20201", "CVE-2021-20271", "CVE-2021-23239", "CVE-2021-23240", "CVE-2021-23336", "CVE-2021-25215", "CVE-2021-25217", "CVE-2021-27219", "CVE-2021-28211", "CVE-2021-3114", "CVE-2021-3177", "CVE-2021-32399", "CVE-2021-3326", "CVE-2021-33909", "CVE-2021-33910", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-3560"], "modified": "2021-08-10T13:16:44", "id": "RHSA-2021:3119", "href": "https://access.redhat.com/errata/RHSA-2021:3119", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.7.12. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-1562\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the node-exporter daemonset's mountstats collector caused high memory usage on nodes with NFS mount points. By disabling the mountstats collector, this fix reduces memory usage. (BZ#1955469)\n\n* A previous change to gophercloud/utils introduced a custom HTTP client that uses a self-signed certificate. But because this change removed settings from DefaultTransport, including those for proxy environment variables, this caused failures for installations that use both self-signed certificates and proxies. In this update, the custom HTTP client inherits settings from DefaultTransport, so now OCP can be installed with self-signed certificates and proxies. (BZ#1943500)\n\n* Previously, bare metal deployments failed when large packet transfers between Ironic and the RAM disk resulted in connection failures. In this update, Ironic queries the RAM disk for information to work around the connection error, allowing deployments to succeed.(BZ#1958965)\n\n* Previously, when an IPv6 cluster was started on nodes that had IPv4 addresses, kublet sometimes used the nodes' IPv4 IP addresses instead of their IPv6 IP addresses, which prevented host-network pods from reaching IPv6-only pods. This update changes the way node IP addresses are chosen. Now, all nodes have IPv6 addresses. (BZ#1942488)\n\n* Previously, OVN changed the source IP addresses of hairpin traffic packets to the IP address of the load balancer, which sometimes blocked traffic when a network policy was in use. With this update, Kuryr opens traffic to the IP addresses of all services in a network policy's namespace, and hairpin traffic flows freely. (BZ#1959766)\n\nSecurity Fix(es):\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.12-x86_64\n\nThe image digest is sha256:2029c5779202293f23418d47a1a823c4e4c8539c1ab25e8bda30d48335b4892e\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.12-s390x\n\nThe image digest is sha256:5f4aa1beddcf61182b715bc6301bf39ca1d967225b1052e3e41e02464bd9989b\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.12-ppc64le\n\nThe image digest is sha256:44c395af371114178a0d2a06c9db60055608b3974bb0e4a58da930ce34c3bec9\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-05-24T17:07:59", "type": "redhat", "title": "(RHSA-2021:1561) Moderate: OpenShift Container Platform 4.7.12 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27813", "CVE-2020-28362", "CVE-2021-21639", "CVE-2021-21640", "CVE-2021-28163", "CVE-2021-28165", "CVE-2021-30465", "CVE-2021-3114"], "modified": "2021-05-24T17:08:47", "id": "RHSA-2021:1561", "href": "https://access.redhat.com/errata/RHSA-2021:1561", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-18T05:39:00", "type": "redhat", "title": "(RHSA-2021:1610) Moderate: curl security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286"], "modified": "2021-05-18T11:37:19", "id": "RHSA-2021:1610", "href": "https://access.redhat.com/errata/RHSA-2021:1610", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-08-16T15:29:43", "description": "TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module (TPM) hardware.\n\nThe following packages have been upgraded to a later upstream version: trousers (0.3.15). (BZ#1725782)\n\nSecurity Fix(es):\n\n* trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root (CVE-2020-24331)\n\n* trousers: tss user can be used to create or corrupt existing files, this could lead to DoS (CVE-2020-24332)\n\n* trousers: fails to drop the root gid privilege when no longer needed (CVE-2020-24330)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T05:41:50", "type": "redhat", "title": "(RHSA-2021:1627) Moderate: trousers security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24330", "CVE-2020-24331", "CVE-2020-24332"], "modified": "2021-05-18T11:38:04", "id": "RHSA-2021:1627", "href": "https://access.redhat.com/errata/RHSA-2021:1627", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)\n\n* python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)\n\n* python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)\n\n* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T05:42:46", "type": "redhat", "title": "(RHSA-2021:1633) Moderate: python3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26116", "CVE-2020-27619", "CVE-2021-23336", "CVE-2021-3177"], "modified": "2021-05-18T11:34:39", "id": "RHSA-2021:1633", "href": "https://access.redhat.com/errata/RHSA-2021:1633", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The p11-kit packages provide a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files.\n\nThe following packages have been upgraded to a later upstream version: p11-kit (0.23.22). (BZ#1887853)\n\nSecurity Fix(es):\n\n* p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers (CVE-2020-29361)\n\n* p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c (CVE-2020-29362)\n\n* p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c (CVE-2020-29363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-18T05:38:50", "type": "redhat", "title": "(RHSA-2021:1609) Moderate: p11-kit security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363"], "modified": "2021-05-18T11:38:24", "id": "RHSA-2021:1609", "href": "https://access.redhat.com/errata/RHSA-2021:1609", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-12T04:36:23", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-01T04:39:40", "type": "redhat", "title": "(RHSA-2021:2121) Moderate: OpenShift Container Platform 4.7.13 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2019-13012", "CVE-2019-14866", "CVE-2019-18811", "CVE-2019-19523", "CVE-2019-19528", "CVE-2019-25013", "CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2019-2708", "CVE-2019-3842", "CVE-2019-9169", "CVE-2020-0431", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-11608", "CVE-2020-12114", "CVE-2020-12362", "CVE-2020-12464", "CVE-2020-13434", "CVE-2020-13543", "CVE-2020-13584", "CVE-2020-13776", "CVE-2020-14314", "CVE-2020-14344", "CVE-2020-14345", "CVE-2020-14346", "CVE-2020-14347", "CVE-2020-14356", "CVE-2020-14360", "CVE-2020-14361", "CVE-2020-14362", "CVE-2020-14363", "CVE-2020-15358", "CVE-2020-15437", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-24330", "CVE-2020-24331", "CVE-2020-24332", "CVE-2020-24394", "CVE-2020-24977", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25659", "CVE-2020-25704", "CVE-2020-25712", "CVE-2020-26116", "CVE-2020-26137", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-27783", "CVE-2020-27786", "CVE-2020-27835", "CVE-2020-28196", "CVE-2020-28935", "CVE-2020-28974", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-35508", "CVE-2020-36242", "CVE-2020-36322", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2020-9948", "CVE-2020-9951", "CVE-2020-9983", "CVE-2021-0342", "CVE-2021-21642", "CVE-2021-21643", "CVE-2021-21644", "CVE-2021-21645", "CVE-2021-23336", "CVE-2021-25215", "CVE-2021-30465", "CVE-2021-3121", "CVE-2021-3177", "CVE-2021-3326"], "modified": "2021-06-01T04:42:49", "id": "RHSA-2021:2121", "href": "https://access.redhat.com/errata/RHSA-2021:2121", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services.\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll users of OpenShift Container Storage 3.11 container images are advised to pull these updated images from the Red Hat Container Registry.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-07T14:11:23", "type": "redhat", "title": "(RHSA-2021:3748) Moderate: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25648", "CVE-2020-25692", "CVE-2021-27219", "CVE-2021-3114", "CVE-2021-31525"], "modified": "2021-10-07T14:12:56", "id": "RHSA-2021:3748", "href": "https://access.redhat.com/errata/RHSA-2021:3748", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The linux-firmware packages contain all of the firmware files that are required by various devices to operate.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T05:40:51", "type": "redhat", "title": "(RHSA-2021:1620) Important: linux-firmware security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364"], "modified": "2021-06-02T17:52:30", "id": "RHSA-2021:1620", "href": "https://access.redhat.com/errata/RHSA-2021:1620", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-06-18T14:36:51", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple vulnerabilities:\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:python3-unbound", "p-cpe:/a:zte:cgsl_main:python3-unbound-debuginfo", "p-cpe:/a:zte:cgsl_main:unbound", "p-cpe:/a:zte:cgsl_main:unbound-debuginfo", "p-cpe:/a:zte:cgsl_main:unbound-debugsource", "p-cpe:/a:zte:cgsl_main:unbound-devel", "p-cpe:/a:zte:cgsl_main:unbound-libs", "p-cpe:/a:zte:cgsl_main:unbound-libs-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0064_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/160818", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0064. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160818);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple\nvulnerabilities:\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0064\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL unbound packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-unbound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'python3-unbound-1.7.3-15.el8',\n 'python3-unbound-debuginfo-1.7.3-15.el8',\n 'unbound-1.7.3-15.el8',\n 'unbound-debuginfo-1.7.3-15.el8',\n 'unbound-debugsource-1.7.3-15.el8',\n 'unbound-devel-1.7.3-15.el8',\n 'unbound-libs-1.7.3-15.el8',\n 'unbound-libs-debuginfo-1.7.3-15.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T15:05:00", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1853 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : unbound (CESA-2021:1853)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:python3-unbound", "p-cpe:/a:centos:centos:unbound", "p-cpe:/a:centos:centos:unbound-devel", "p-cpe:/a:centos:centos:unbound-libs"], "id": "CENTOS8_RHSA-2021-1853.NASL", "href": "https://www.tenable.com/plugins/nessus/149745", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1853. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149745);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1853\");\n\n script_name(english:\"CentOS 8 : unbound (CESA-2021:1853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1853 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write\n (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1853\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unbound-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'python3-unbound-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / unbound-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:58:08", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1853 advisory.\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of- bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. (CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : unbound (ELSA-2021-1853)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-05-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:python3-unbound", "p-cpe:/a:oracle:linux:unbound", "p-cpe:/a:oracle:linux:unbound-devel", "p-cpe:/a:oracle:linux:unbound-libs"], "id": "ORACLELINUX_ELSA-2021-1853.NASL", "href": "https://www.tenable.com/plugins/nessus/149938", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1853.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149938);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/26\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"Oracle Linux 8 : unbound (ELSA-2021-1853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1853 advisory.\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-\n bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. (CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid\n packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1853.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:unbound-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'python3-unbound-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:43:59", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0632 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-23T00:00:00", "type": "nessus", "title": "RHEL 8 : unbound (RHSA-2022:0632)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:python3-unbound", "p-cpe:/a:redhat:enterprise_linux:unbound", "p-cpe:/a:redhat:enterprise_linux:unbound-devel", "p-cpe:/a:redhat:enterprise_linux:unbound-libs"], "id": "REDHAT-RHSA-2022-0632.NASL", "href": "https://www.tenable.com/plugins/nessus/158321", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0632. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158321);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0632\");\n\n script_name(english:\"RHEL 8 : unbound (RHSA-2022:0632)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0632 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write\n (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1878761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954804\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 190, 617, 787, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / unbound-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T15:05:00", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1853 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : unbound (RHSA-2021:1853)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:python3-unbound", "p-cpe:/a:redhat:enterprise_linux:unbound", "p-cpe:/a:redhat:enterprise_linux:unbound-devel", "p-cpe:/a:redhat:enterprise_linux:unbound-libs"], "id": "REDHAT-RHSA-2021-1853.NASL", "href": "https://www.tenable.com/plugins/nessus/149675", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1853. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149675);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1853\");\n\n script_name(english:\"RHEL 8 : unbound (RHSA-2021:1853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1853 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write\n (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1878761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954804\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 190, 617, 787, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / unbound-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T15:07:45", "description": "The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1683 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : unbound (ALAS-2021-1683)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-07-01T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python2-unbound", "p-cpe:/a:amazon:linux:python3-unbound", "p-cpe:/a:amazon:linux:unbound", "p-cpe:/a:amazon:linux:unbound-debuginfo", "p-cpe:/a:amazon:linux:unbound-devel", "p-cpe:/a:amazon:linux:unbound-libs", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1683.NASL", "href": "https://www.tenable.com/plugins/nessus/151275", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1683.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151275);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/01\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1683\");\n\n script_name(english:\"Amazon Linux 2 : unbound (ALAS-2021-1683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1683 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1683.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update unbound' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python2-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'python2-unbound-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-unbound-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-unbound-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-debuginfo-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-debuginfo-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-debuginfo-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2-unbound / python3-unbound / unbound / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-16T14:44:06", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0176-2 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0176-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libunbound2", "p-cpe:/a:novell:suse_linux:unbound-anchor", "p-cpe:/a:novell:suse_linux:unbound-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0176-2.NASL", "href": "https://www.tenable.com/plugins/nessus/158091", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0176-2. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158091);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0176-2\");\n\n script_name(english:\"SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0176-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0176-2 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010225.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6acdf69\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libunbound2, unbound-anchor and / or unbound-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound-anchor / unbound-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:41:31", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : unbound (openSUSE-SU-2022:0176-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libunbound2", "p-cpe:/a:novell:opensuse:unbound", "p-cpe:/a:novell:opensuse:unbound-anchor", "p-cpe:/a:novell:opensuse:unbound-devel", "p-cpe:/a:novell:opensuse:unbound-munin", "p-cpe:/a:novell:opensuse:unbound-python", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157088", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0176-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157088);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : unbound (openSUSE-SU-2022:0176-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JTS3PI42CZC7TVKVUTBOIMO2PDFTABYC/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0a9bcef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-munin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-munin-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-python-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound / unbound-anchor / unbound-devel / unbound-munin / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T15:05:10", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : unbound (EulerOS-SA-2021-2436)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2436.NASL", "href": "https://www.tenable.com/plugins/nessus/153267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153267);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : unbound (EulerOS-SA-2021-2436)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2436\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd88756a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h5\",\n \"unbound-libs-1.6.6-1.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:45:27", "description": "The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : unbound (SUSE-SU-2022:0176-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libunbound2", "p-cpe:/a:novell:suse_linux:unbound-anchor", "p-cpe:/a:novell:suse_linux:unbound-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157078", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0176-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157078);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0176-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : unbound (SUSE-SU-2022:0176-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010064.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1900b34a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libunbound2, unbound-anchor and / or unbound-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP1/2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.4']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound-anchor / unbound-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:50:30", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0301-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0301-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libunbound2", "p-cpe:/a:novell:suse_linux:unbound-anchor", "p-cpe:/a:novell:suse_linux:unbound-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0301-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157347", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0301-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157347);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0301-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0301-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0301-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2022-February/021588.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libunbound2, unbound-anchor and / or unbound-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound-anchor / unbound-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T15:05:29", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4938-1 advisory.\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man- in-the-middle attack against a cleartext HTTP session. (CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.\n (CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of- bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. (CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-06T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4938-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libunbound-dev", "p-cpe:/a:canonical:ubuntu_linux:libunbound2", "p-cpe:/a:canonical:ubuntu_linux:libunbound8", "p-cpe:/a:canonical:ubuntu_linux:python-unbound", "p-cpe:/a:canonical:ubuntu_linux:python3-unbound", "p-cpe:/a:canonical:ubuntu_linux:unbound", "p-cpe:/a:canonical:ubuntu_linux:unbound-anchor", "p-cpe:/a:canonical:ubuntu_linux:unbound-host"], "id": "UBUNTU_USN-4938-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149324", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4938-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149324);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"USN\", value:\"4938-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4938-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4938-1 advisory.\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-\n in-the-middle attack against a cleartext HTTP session. (CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.\n (CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-\n bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. (CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid\n packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4938-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libunbound-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libunbound8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unbound-host\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'libunbound-dev', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'libunbound2', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'python-unbound', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'python3-unbound', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'unbound', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'unbound-anchor', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'unbound-host', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '20.04', 'pkgname': 'libunbound-dev', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'libunbound8', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'python-unbound', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'python3-unbound', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'unbound', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'unbound-anchor', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'unbound-host', 'pkgver': '1.9.4-2ubuntu1.2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound-dev / libunbound2 / libunbound8 / python-unbound / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T15:11:32", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : unbound (EulerOS-SA-2021-2318)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-unbound", "p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2318.NASL", "href": "https://www.tenable.com/plugins/nessus/152401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152401);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : unbound (EulerOS-SA-2021-2318)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2318\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91cc194d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python2-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"python3-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-libs-1.7.3-9.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:44:00", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2022-1150)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2022-02-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-1150.NASL", "href": "https://www.tenable.com/plugins/nessus/158030", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158030);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/13\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2022-1150)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1150\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46c8f0a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-1.6.6-1.h5.eulerosv2r7\",\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T12:57:22", "description": "According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2023-1299)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2023-01-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2023-1299.NASL", "href": "https://www.tenable.com/plugins/nessus/170806", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170806);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2023-1299)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1299\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0840c8f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:09", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : unbound (EulerOS-SA-2022-1100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2022-02-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-unbound", "p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-1100.NASL", "href": "https://www.tenable.com/plugins/nessus/158024", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158024);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/13\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : unbound (EulerOS-SA-2022-1100)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1100\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13dbc7cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python2-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"python3-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-libs-1.7.3-9.h6.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:56", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2021-2175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2175.NASL", "href": "https://www.tenable.com/plugins/nessus/151556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151556);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2021-2175)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write via a compressed name in\n rdata_copy. NOTE: The vendor disputes that this is a\n vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite\n loop via a compressed name in dname_pkt_copy. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in dname_pkt_copy via an\n invalid packet. NOTE: The vendor disputes that this is\n a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in synth_cname. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a\n vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows\n configuration injection in create_unbound_ad_servers.sh\n upon a successful man-in-the-middle attack against a\n cleartext HTTP session. NOTE: The vendor does not\n consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script\n from the community that facilitates automatic\n configuration creation. It is not part of the Unbound\n installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2175\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a201e0ce\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T15:02:33", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2285)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2285.NASL", "href": "https://www.tenable.com/plugins/nessus/152307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152307);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2285)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2285\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e777f56d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:58:09", "description": "An update of the unbound package has been released.", "cvss3": {}, "published": "2021-05-21T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Unbound PHSA-2021-3.0-0236", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-05-21T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unbound", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0236_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/149828", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0236. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149828);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/21\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"Photon OS 3.0: Unbound PHSA-2021-3.0-0236\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unbound package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-236.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-1.13.1-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-devel-1.13.1-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-docs-1.13.1-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:14:39", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-07T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : unbound (EulerOS-SA-2021-2351)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-09-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2351.NASL", "href": "https://www.tenable.com/plugins/nessus/153069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153069);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/09\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : unbound (EulerOS-SA-2021-2351)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2351\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a85ad13f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h5.eulerosv2r7\",\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:19", "description": "According to the versions of the unbound package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in unbound. An out-of-bounds write in the rdata_copy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25042)\n\n - A flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered through compressed names. The highest threat from this vulnerability is to service availability.(CVE-2019-25041)\n\n - A flaw was found in unbound. An infinite loop in dname_pkt_copy function could be triggered by a remote attacker. The highest threat from this vulnerability is to service availability.(CVE-2019-25040)\n\n - A flaw was found in unbound. An integer overflow in ub_packed_rrset_key function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25039)\n\n - A flaw was found in unbound. An integer overflow in dnsc_load_local_data function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25038)\n\n - A flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability.(CVE-2019-25037)\n\n - A flaw was found in unbound. A reachable assertion in the synth_cname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dname_pkt_copy function. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25036)\n\n - A flaw was found in unbound. An out-of-bounds write in the sldns_bget_token_par function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25035)\n\n - A flaw was found in unbound. An integer overflow in the sldns_str2wire_dname_buf_origin function may lead to a buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25034)\n\n - A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGN_UP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25033)\n\n - A flaw was found in unbound. An integer overflow in regional_alloc function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and can be big enough. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25032)\n\n - A flaw was found in unbound. The create_unbound_ad_servers.sh bash script does not properly sanitize input data, which is retrieved using an unencrypted, unauthenticated HTTP request, before writing the configuration file allowing a man-in-the-middle attack. The highest threat from this vulnerability is to data integrity and system availability.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2021-2124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2124.NASL", "href": "https://www.tenable.com/plugins/nessus/151309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151309);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2021-2124)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in unbound. An out-of-bounds write in\n the rdata_copy function may be abused by a remote\n attacker. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as\n service availability.(CVE-2019-25042)\n\n - A flaw was found in unbound. A reachable assertion in\n the dname_pkt_copy function can be triggered through\n compressed names. The highest threat from this\n vulnerability is to service\n availability.(CVE-2019-25041)\n\n - A flaw was found in unbound. An infinite loop in\n dname_pkt_copy function could be triggered by a remote\n attacker. The highest threat from this vulnerability is\n to service availability.(CVE-2019-25040)\n\n - A flaw was found in unbound. An integer overflow in\n ub_packed_rrset_key function may lead to a buffer\n overflow of the allocated buffer if the size can be\n controlled by an attacker. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25039)\n\n - A flaw was found in unbound. An integer overflow in\n dnsc_load_local_data function may lead to a buffer\n overflow of the allocated buffer if the size can be\n controlled by an attacker. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25038)\n\n - A flaw was found in unbound. A reachable assertion in\n the dname_pkt_copy function can be triggered by sending\n invalid packets to the server. The highest threat from\n this vulnerability is to service\n availability.(CVE-2019-25037)\n\n - A flaw was found in unbound. A reachable assertion in\n the synth_cname function can be triggered by sending\n invalid packets to the server. If asserts are disabled\n during compilation, this issue might lead to an\n out-of-bounds write in dname_pkt_copy function. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as service\n availability.(CVE-2019-25036)\n\n - A flaw was found in unbound. An out-of-bounds write in\n the sldns_bget_token_par function may be abused by a\n remote attacker. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25035)\n\n - A flaw was found in unbound. An integer overflow in the\n sldns_str2wire_dname_buf_origin function may lead to a\n buffer overflow. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25034)\n\n - A flaw was found in unbound. An integer overflow in the\n regional allocator via the ALIGN_UP macro may lead to a\n buffer overflow if the size can be controlled by an\n attacker. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as\n service availability.(CVE-2019-25033)\n\n - A flaw was found in unbound. An integer overflow in\n regional_alloc function may lead to a buffer overflow\n of the allocated buffer if the size can be controlled\n by an attacker and can be big enough. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as service\n availability.(CVE-2019-25032)\n\n - A flaw was found in unbound. The\n create_unbound_ad_servers.sh bash script does not\n properly sanitize input data, which is retrieved using\n an unencrypted, unauthenticated HTTP request, before\n writing the configuration file allowing a\n man-in-the-middle attack. The highest threat from this\n vulnerability is to data integrity and system\n availability.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2124\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c85bf820\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-libs-1.6.6-1.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T15:02:34", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2259)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2259.NASL", "href": "https://www.tenable.com/plugins/nessus/152284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152284);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2259)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2259\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e5dafb4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T15:13:54", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-10-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : unbound (EulerOS-SA-2021-2620)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-10-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2620.NASL", "href": "https://www.tenable.com/plugins/nessus/154384", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154384);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : unbound (EulerOS-SA-2021-2620)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2620\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64dc4eed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-1.6.6-1.h5\",\n \"unbound-libs-1.6.6-1.h5\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-18T14:31:03", "description": "According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : unbound (EulerOS-SA-2021-2909)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2022-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2909.NASL", "href": "https://www.tenable.com/plugins/nessus/156512", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156512);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/06\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : unbound (EulerOS-SA-2021-2909)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2909\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?133caf1a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:57:22", "description": "Several security vulnerabilities have been discovered in Unbound, a validating, recursive, caching DNS resolver, by security researchers of X41 D-SEC located in Aachen, Germany. Integer overflows, assertion failures, an out-of-bound write and an infinite loop vulnerability may lead to a denial of service or have a negative impact on data confidentiality.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.9.0-2+deb10u2~deb9u2.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "Debian DLA-2652-1 : unbound1.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libunbound8", "p-cpe:/a:debian:debian_linux:unbound", "p-cpe:/a:debian:debian_linux:unbound-anchor", "p-cpe:/a:debian:debian_linux:unbound-host", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2652.NASL", "href": "https://www.tenable.com/plugins/nessus/149342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2652-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149342);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/11\");\n\n script_cve_id(\"CVE-2019-25031\", \"CVE-2019-25032\", \"CVE-2019-25033\", \"CVE-2019-25034\", \"CVE-2019-25035\", \"CVE-2019-25036\", \"CVE-2019-25037\", \"CVE-2019-25038\", \"CVE-2019-25039\", \"CVE-2019-25040\", \"CVE-2019-25041\", \"CVE-2019-25042\");\n\n script_name(english:\"Debian DLA-2652-1 : unbound1.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities have been discovered in Unbound, a\nvalidating, recursive, caching DNS resolver, by security researchers\nof X41 D-SEC located in Aachen, Germany. Integer overflows, assertion\nfailures, an out-of-bound write and an infinite loop vulnerability may\nlead to a denial of service or have a negative impact on data\nconfidentiality.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u2.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/unbound1.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/unbound1.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libunbound8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound-host\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libunbound8\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-anchor\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-host\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-21T14:53:58", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : unbound (EulerOS-SA-2021-2210)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-25031", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-2210.NASL", "href": "https://www.tenable.com/plugins/nessus/151554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151554);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : unbound (EulerOS-SA-2021-2210)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write via a compressed name in\n rdata_copy. NOTE: The vendor disputes that this is a\n vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite\n loop via a compressed name in dname_pkt_copy. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in dname_pkt_copy via an\n invalid packet. NOTE: The vendor disputes that this is\n a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in synth_cname. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a\n vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows\n configuration injection in create_unbound_ad_servers.sh\n upon a successful man-in-the-middle attack against a\n cleartext HTTP session. NOTE: The vendor does not\n consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script\n from the community that facilitates automatic\n configuration creation. It is not part of the Unbound\n installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2210\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a09237b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:18", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1551 advisory.\n\n - golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n - jenkins: lack of type validation in agent related REST API (CVE-2021-21639)\n\n - jenkins: view name validation bypass (CVE-2021-21640)\n\n - jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n - jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\n - golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-20T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.7.11 (RHSA-2021:1551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28362", "CVE-2021-21639", "CVE-2021-21640", "CVE-2021-28163", "CVE-2021-28165", "CVE-2021-3114"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:cri-tools", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:runc"], "id": "REDHAT-RHSA-2021-1551.NASL", "href": "https://www.tenable.com/plugins/nessus/149793", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1551. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149793);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-28362\",\n \"CVE-2021-3114\",\n \"CVE-2021-28163\",\n \"CVE-2021-28165\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1551\");\n script_xref(name:\"IAVB\", value:\"2020-B-0071-S\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.7.11 (RHSA-2021:1551)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1551 advisory.\n\n - golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n - jenkins: lack of type validation in agent related REST API (CVE-2021-21639)\n\n - jenkins: view name validation bypass (CVE-2021-21640)\n\n - jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n - jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\n - golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1897635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1918750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1945714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1947102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1947105\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cri-tools, jenkins and / or runc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3114\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 200, 295, 400, 682);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cri-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/s390x/rhocp/4.7/debug',\n 'content/dist/layered/rhel8/s390x/rhocp/4.7/os',\n 'content/dist/layered/rhel8/s390x/rhocp/4.7/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.7/debug',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.7/os',\n 'content/dist/layered/rhel8/x86_64/rhocp/4.7/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'cri-tools-1.20.0-2.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'cri-tools-1.20.0-2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'jenkins-2.277.3.1620393611-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'runc-1.0.0-95.rhaos4.8.gitcd80260.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'runc-1.0.0-95.rhaos4.8.gitcd80260.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.7/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.7/os',\n 'content/dist/rhel/server/7/7Server/x86_64/ose/4.7/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.7/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.7/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/ose/4.7/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'cri-tools-1.20.0-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},\n {'reference':'runc-1.0.0-95.rhaos4.8.gitcd80260.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cri-tools / jenkins / runc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:17", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2314 advisory.\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out- of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2021-2314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/150447", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2314.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150447);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-2314 advisory.\n\n - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common\n function in drivers/tty/n_tty.c. (CVE-2020-8648)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version\n 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an\n escalation of privilege via local access. (CVE-2020-12362)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via\n local access. (CVE-2020-12363)\n\n - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and\n before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of\n service via local access. (CVE-2020-12364)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2314.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.31.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-2314');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:27", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-14T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2021:2314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-06-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/150770", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2314 and\n# CentOS Errata and Security Advisory 2021:2314 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150770);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/14\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2314\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2021:2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-June/048337.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38256049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 200, 416, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:18:37", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2314.NASL", "href": "https://www.tenable.com/plugins/nessus/150379", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2314. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150379);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2314\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2314 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940627\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 200, 416, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-8648', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-27170', 'CVE-2021-3347');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2314');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:50", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2314-1 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2314)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2021-06-17T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:%5bhyper-v%5d%5bsl", "p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"], "id": "SL_20210609_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/150800", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150800);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/17\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2021:2314\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2314)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:2314-1 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20212314-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:[Hyper-V][SL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.31.1.el7', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-3.10.0-1160.31.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, '[Hyper-V][SL / bpftool / bpftool-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:10:13", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2316 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2021:2316)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-27170", "CVE-2020-8648", "CVE-2021-3347"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2021-2316.NASL", "href": "https://www.tenable.com/plugins/nessus/150380", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2316. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150380);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-8648\",\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-27170\",\n \"CVE-2021-3347\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2316\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2021:2316)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2316 advisory.\n\n - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)\n\n - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)\n\n - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)\n\n - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)\n\n - kernel: Use after free via PI futex state (CVE-2021-3347)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1922249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1940627\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 190, 200, 416, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-8648', 'CVE-2020-12362', 'CVE-2020-12363', 'CVE-2020-12364', 'CVE-2020-27170', 'CVE-2021-3347');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2316');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.31.1.rt56.1169.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:08:58", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1585 advisory.\n\n - The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228)\n\n - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap- based buffer over-read via an attempted case-insensitive regular-expression match. (CVE-2019-9169)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. (CVE-2020-27618)\n\n - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. (CVE-2021-3326)\n\n - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : glibc (ELSA-2021-1585)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10228", "CVE-2019-25013", "CVE-2019-9169", "CVE-2020-27618", "CVE-2021-3326"], "modified": "2021-05-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:compat-libpthread-nonshared", "p-cpe:/a:oracle:linux:glibc", "p-cpe:/a:oracle:linux:glibc-all-langpacks", "p-cpe:/a:oracle:linux:glibc-benchtests", "p-cpe:/a:oracle:linux:glibc-common", "p-cpe:/a:oracle:linux:glibc-devel", "p-cpe:/a:oracle:linux:glibc-headers", "p-cpe:/a:oracle:linux:glibc-langpack-aa", "p-cpe:/a:oracle:linux:glibc-langpack-af", "p-cpe:/a:oracle:linux:glibc-langpack-agr", "p-cpe:/a:oracle:linux:glibc-langpack-ak", "p-cpe:/a:oracle:linux:glibc-langpack-am", "p-cpe:/a:oracle:linux:glibc-langpack-an", "p-cpe:/a:oracle:linux:glibc-langpack-anp", "p-cpe:/a:oracle:linux:glibc-langpack-ar", "p-cpe:/a:oracle:linux:glibc-langpack-as", "p-cpe:/a:oracle:linux:glibc-langpack-ast", "p-cpe:/a:oracle:linux:glibc-langpack-ayc", "p-cpe:/a:oracle:linux:glibc-langpack-az", "p-cpe:/a:oracle:linux:glibc-langpack-be", "p-cpe:/a:oracle:linux:glibc-langpack-bem", "p-cpe:/a:oracle:linux:glibc-langpack-ber", "p-cpe:/a:oracle:linux:glibc-langpack-bg", "p-cpe:/a:oracle:linux:glibc-langpack-bhb", "p-cpe:/a:oracle:linux:glibc-langpack-bho", "p-cpe:/a:oracle:linux:glibc-langpack-bi", "p-cpe:/a:oracle:linux:glibc-langpack-bn", "p-cpe:/a:oracle:linux:glibc-langpack-bo", "p-cpe:/a:oracle:linux:glibc-langpack-br", "p-cpe:/a:oracle:linux:glibc-langpack-brx", "p-cpe:/a:oracle:linux:glibc-langpack-bs", "p-cpe:/a:oracle:linux:glibc-langpack-byn", "p-cpe:/a:oracle:linux:glibc-langpack-ca", "p-cpe:/a:oracle:linux:glibc-langpack-ce", "p-cpe:/a:oracle:linux:glibc-langpack-chr", "p-cpe:/a:oracle:linux:glibc-langpack-cmn", "p-cpe:/a:oracle:linux:glibc-langpack-crh", "p-cpe:/a:oracle:linux:glibc-langpack-cs", "p-cpe:/a:oracle:linux:glibc-langpack-csb", "p-cpe:/a:oracle:linux:glibc-langpack-cv", "p-cpe:/a:oracle:linux:glibc-langpack-cy", "p-cpe:/a:oracle:linux:glibc-langpack-da", "p-cpe:/a:oracle:linux:glibc-langpack-de", "p-cpe:/a:oracle:linux:glibc-langpack-doi", "p-cpe:/a:oracle:linux:glibc-langpack-dsb", "p-cpe:/a:oracle:linux:glibc-langpack-dv", "p-cpe:/a:oracle:linux:glibc-langpack-dz", "p-cpe:/a:oracle:linux:glibc-langpack-el", "p-cpe:/a:oracle:linux:glibc-langpack-en", "p-cpe:/a:oracle:linux:glibc-langpack-eo", "p-cpe:/a:oracle:linux:glibc-langpack-es", "p-cpe:/a:oracle:linux:glibc-langpack-et", "p-cpe:/a:oracle:linux:glibc-langpack-eu", "p-cpe:/a:oracle:linux:glibc-langpack-fa", "p-cpe:/a:oracle:linux:glibc-langpack-ff", "p-cpe:/a:oracle:linux:glibc-langpack-fi", "p-cpe:/a:oracle:linux:glibc-langpack-fil", "p-cpe:/a:oracle:linux:glibc-langpack-fo", "p-cpe:/a:oracle:linux:glibc-langpack-fr", "p-cpe:/a:oracle:linux:glibc-langpack-fur", "p-cpe:/a:oracle:linux:glibc-langpack-fy", "p-cpe:/a:oracle:linux:glibc-langpack-ga", "p-cpe:/a:oracle:linux:glibc-langpack-gd", "p-cpe:/a:oracle:linux:glibc-langpack-gez", "p-cpe:/a:oracle:linux:glibc-langpack-gl", "p-cpe:/a:oracle:linux:glibc-langpack-gu", "p-cpe:/a:oracle:linux:glibc-langpack-gv", "p-cpe:/a:oracle:linux:glibc-langpack-ha", "p-cpe:/a:oracle:linux:glibc-langpack-hak", "p-cpe:/a:oracle:linux:glibc-langpack-he", "p-cpe:/a:oracle:linux:glibc-langpack-hi", "p-cpe:/a:oracle:linux:glibc-langpack-hif", "p-cpe:/a:oracle:linux:glibc-langpack-hne", "p-cpe:/a:oracle:linux:glibc-langpack-hr", "p-cpe:/a:oracle:linux:glibc-langpack-hsb", "p-cpe:/a:oracle:linux:glibc-langpack-ht", "p-cpe:/a:oracle:linux:glibc-langpack-hu", "p-cpe:/a:oracle:linux:glibc-langpack-hy", "p-cpe:/a:oracle:linux:glibc-langpack-ia", "p-cpe:/a:oracle:linux:glibc-langpack-id", "p-cpe:/a:oracle:linux:glibc-langpack-ig", "p-cpe:/a:oracle:linux:glibc-langpack-ik", "p-cpe:/a:oracle:linux:glibc-langpack-is", "p-cpe:/a:oracle:linux:glibc-langpack-it", "p-cpe:/a:oracle:linux:glibc-langpack-iu", "p-cpe:/a:oracle:linux:glibc-langpack-ja", "p-cpe:/a:oracle:linux:glibc-langpack-ka", "p-cpe:/a:oracle:linux:glibc-langpack-kab", "p-cpe:/a:oracle:linux:glibc-langpack-kk", "p-cpe:/a:oracle:linux:glibc-langpack-kl", "p-cpe:/a:oracle:linux:glibc-langpack-km", "p-cpe:/a:oracle:linux:glibc-langpack-kn", "p-cpe:/a:oracle:linux:glibc-langpack-ko", "p-cpe:/a:oracle:linux:glibc-langpack-kok", "p-cpe:/a:oracle:linux:glibc-langpack-ks", "p-cpe:/a:oracle:linux:glibc-langpack-ku", "p-cpe:/a:oracle:linux:glibc-langpack-kw", "p-cpe:/a:oracle:linux:glibc-langpack-ky", "p-cpe:/a:oracle:linux:glibc-langpack-lb", "p-cpe:/a:oracle:linux:glibc-langpack-lg", "p-cpe:/a:oracle:linux:glibc-langpack-li", "p-cpe:/a:oracle:linux:glibc-langpack-lij", "p-cpe:/a:oracle:linux:glibc-langpack-ln", "p-cpe:/a:oracle:linux:glibc-langpack-lo", "p-cpe:/a:oracle:linux:glibc-langpack-lt", "p-cpe:/a:oracle:linux:glibc-langpack-lv", "p-cpe:/a:oracle:linux:glibc-langpack-lzh", "p-cpe:/a:oracle:linux:glibc-langpack-mag", "p-cpe:/a:oracle:linux:glibc-langpack-mai", "p-cpe:/a:oracle:linux:glibc-langpack-mfe", "p-cpe:/a:oracle:linux:glibc-langpack-mg", "p-cpe:/a:oracle:linux:glibc-langpack-mhr", "p-cpe:/a:oracle:linux:glibc-langpack-mi", "p-cpe:/a:oracle:linux:glibc-langpack-miq", "p-cpe:/a:oracle:linux:glibc-langpack-mjw", "p-cpe:/a:oracle:linux:glibc-langpack-mk", "p-cpe:/a:oracle:linux:glibc-langpack-ml", "p-cpe:/a:oracle:linux:glibc-langpack-mn", "p-cpe:/a:oracle:linux:glibc-langpack-mni", "p-cpe:/a:oracle:linux:glibc-langpack-mr", "p-cpe:/a:oracle:linux:glibc-langpack-ms", "p-cpe:/a:oracle:linux:glibc-langpack-mt", "p-cpe:/a:oracle:linux:glibc-langpack-my", "p-cpe:/a:oracle:linux:glibc-langpack-nan", "p-cpe:/a:oracle:linux:glibc-langpack-nb", "p-cpe:/a:oracle:linux:glibc-langpack-nds", "p-cpe:/a:oracle:linux:glibc-langpack-ne", "p-cpe:/a:oracle:linux:glibc-langpack-nhn", "p-cpe:/a:oracle:linux:glibc-langpack-niu", "p-cpe:/a:oracle:linux:glibc-langpack-nl", "p-cpe:/a:oracle:linux:glibc-langpack-nn", "p-cpe:/a:oracle:linux:glibc-langpack-nr", "p-cpe:/a:oracle:linux:glibc-langpack-nso", "p-cpe:/a:oracle:linux:glibc-langpack-oc", "p-cpe:/a:oracle:linux:glibc-langpack-om", "p-cpe:/a:oracle:linux:glibc-langpack-or", "p-cpe:/a:oracle:linux:glibc-langpack-os", "p-cpe:/a:oracle:linux:glibc-langpack-pa", "p-cpe:/a:oracle:linux:glibc-langpack-pap", "p-cpe:/a:oracle:linux:glibc-langpack-pl", "p-cpe:/a:oracle:linux:glibc-langpack-ps", "p-cpe:/a:oracle:linux:glibc-langpack-pt", "p-cpe:/a:oracle:linux:glibc-langpack-quz", "p-cpe:/a:oracle:linux:glibc-langpack-raj", "p-cpe:/a:oracle:linux:glibc-langpack-ro", "p-cpe:/a:oracle:linux:glibc-langpack-ru", "p-cpe:/a:oracle:linux:glibc-langpack-rw", "p-cpe:/a:oracle:linux:glibc-langpack-sa", "p-cpe:/a:oracle:linux:glibc-langpack-sah", "p-cpe:/a:oracle:linux:glibc-langpack-sat", "p-cpe:/a:oracle:linux:glibc-langpack-sc", "p-cpe:/a:oracle:linux:glibc-langpack-sd", "p-cpe:/a:oracle:linux:glibc-langpack-se", "p-cpe:/a:oracle:linux:glibc-langpack-sgs", "p-cpe:/a:oracle:linux:glibc-langpack-shn", "p-cpe:/a:oracle:linux:glibc-langpack-shs", "p-cpe:/a:oracle:linux:glibc-langpack-si", "p-cpe:/a:oracle:linux:glibc-langpack-sid", "p-cpe:/a:oracle:linux:glibc-langpack-sk", "p-cpe:/a:oracle:linux:glibc-langpack-sl", "p-cpe:/a:oracle:linux:glibc-langpack-sm", "p-cpe:/a:oracle:linux:glibc-langpack-so", "p-cpe:/a:oracle:linux:glibc-langpack-sq", "p-cpe:/a:oracle:linux:glibc-langpack-sr", "p-cpe:/a:oracle:linux:glibc-langpack-ss", "p-cpe:/a:oracle:linux:glibc-langpack-st", "p-cpe:/a:oracle:linux:glibc-langpack-sv", "p-cpe:/a:oracle:linux:glibc-langpack-sw", "p-cpe:/a:oracle:linux:glibc-langpack-szl", "p-cpe:/a:oracle:linux:glibc-langpack-ta", "p-cpe:/a:oracle:linux:glibc-langpack-tcy", "p-cpe:/a:oracle:linux:glibc-langpack-te", "p-cpe:/a:oracle:linux:glibc-langpack-tg", "p-cpe:/a:oracle:linux:glibc-langpack-th", "p-cpe:/a:oracle:linux:glibc-langpack-the", "p-cpe:/a:oracle:linux:glibc-langpack-ti", "p-cpe:/a:oracle:linux:glibc-langpack-tig", "p-cpe:/a:oracle:linux:glibc-langpack-tk", "p-cpe:/a:oracle:linux:glibc-langpack-tl", "p-cpe:/a:oracle:linux:glibc-langpack-tn", "p-cpe:/a:oracle:linux:glibc-langpack-to", "p-cpe:/a:oracle:linux:glibc-langpack-tpi", "p-cpe:/a:oracle:linux:glibc-langpack-tr", "p-cpe:/a:oracle:linux:glibc-langpack-ts", "p-cpe:/a:oracle:linux:glibc-langpack-tt", "p-cpe:/a:oracle:linux:glibc-langpack-ug", "p-cpe:/a:oracle:linux:glibc-langpack-uk", "p-cpe:/a:oracle:linux:glibc-langpack-unm", "p-cpe:/a:oracle:linux:glibc-langpack-ur", "p-cpe:/a:oracle:linux:glibc-langpack-uz", "p-cpe:/a:oracle:linux:glibc-langpack-ve", "p-cpe:/a:oracle:linux:glibc-langpack-vi", "p-cpe:/a:oracle:linux:glibc-langpack-wa", "p-cpe:/a:oracle:linux:glibc-langpack-wae", "p-cpe:/a:oracle:linux:glibc-langpack-wal", "p-cpe:/a:oracle:linux:glibc-langpack-wo", "p-cpe:/a:oracle:linux:glibc-langpack-xh", "p-cpe:/a:oracle:linux:glibc-langpack-yi", "p-cpe:/a:oracle:linux:glibc-langpack-yo", "p-cpe:/a:oracle:linux:glibc-langpack-yue", "p-cpe:/a:oracle:linux:glibc-langpack-yuw", "p-cpe:/a:oracle:linux:glibc-langpack-zh", "p-cpe:/a:oracle:linux:glibc-langpack-zu", "p-cpe:/a:oracle:linux:glibc-locale-source", "p-cpe:/a:oracle:linux:glibc-minimal-langpack", "p-cpe:/a:oracle:linux:glibc-nss-devel", "p-cpe:/a:oracle:linux:glibc-static", "p-cpe:/a:oracle:linux:glibc-utils", "p-cpe:/a:oracle:linux:libnsl", "p-cpe:/a:oracle:linux:nscd", "p-cpe:/a:oracle:linux:nss_db", "p-cpe:/a:oracle:linux:nss_hesiod"], "id"

(RHSA-2021:2461) Moderate: Red Hat Advanced Cluster Management 2.2.4 security and bug fix update

Description

Related