DATABASE RESOURCES PRICING ABOUT US

{"id": "RHSA-2021:5128", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:5128) Moderate: Openshift Logging security and bug update (5.1.5)", "description": "Openshift Logging Security and Bug Fix Release (5.1.5)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2021-12-14T16:46:13", "modified": "2021-12-15T13:06:57", "epss": [{"cve": "CVE-2018-20673", "epss": 0.00064, "percentile": 0.26183, "modified": "2023-06-23"}, {"cve": "CVE-2018-25009", "epss": 0.00207, "percentile": 0.57481, "modified": "2023-06-23"}, {"cve": "CVE-2018-25010", "epss": 0.00207, "percentile": 0.57452, "modified": "2023-06-23"}, {"cve": "CVE-2018-25012", "epss": 0.00207, "percentile": 0.57452, "modified": "2023-06-23"}, {"cve": "CVE-2018-25013", "epss": 0.00207, "percentile": 0.57452, "modified": "2023-06-23"}, {"cve": "CVE-2018-25014", "epss": 0.00211, "percentile": 0.57778, "modified": "2023-06-23"}, {"cve": "CVE-2019-13750", "epss": 0.00355, "percentile": 0.67984, "modified": "2023-06-13"}, {"cve": "CVE-2019-13751", "epss": 0.00597, "percentile": 0.75334, "modified": "2023-06-13"}, {"cve": "CVE-2019-17594", "epss": 0.00055, "percentile": 0.20661, "modified": "2023-06-13"}, {"cve": "CVE-2019-17595", "epss": 0.00151, "percentile": 0.50175, "modified": "2023-06-13"}, {"cve": "CVE-2019-18218", "epss": 0.00086, "percentile": 0.35106, "modified": "2023-06-13"}, {"cve": "CVE-2019-19603", "epss": 0.00212, "percentile": 0.57812, "modified": "2023-06-13"}, {"cve": "CVE-2019-20838", "epss": 0.00744, "percentile": 0.78273, "modified": "2023-06-13"}, {"cve": "CVE-2019-5827", "epss": 0.00448, "percentile": 0.71422, "modified": "2023-06-13"}, {"cve": "CVE-2020-12762", "epss": 0.0008, "percentile": 0.33211, "modified": "2023-06-25"}, {"cve": "CVE-2020-13435", "epss": 0.00106, "percentile": 0.41868, "modified": "2023-06-06"}, {"cve": "CVE-2020-14145", "epss": 0.00209, "percentile": 0.57513, "modified": "2023-06-06"}, {"cve": "CVE-2020-14155", "epss": 0.00462, "percentile": 0.71817, "modified": "2023-06-06"}, {"cve": "CVE-2020-16135", "epss": 0.00668, "percentile": 0.76834, "modified": "2023-06-06"}, {"cve": "CVE-2020-17541", "epss": 0.00267, "percentile": 0.62898, "modified": "2023-06-06"}, {"cve": "CVE-2020-24370", "epss": 0.00272, "percentile": 0.63342, "modified": "2023-06-25"}, {"cve": "CVE-2020-35521", "epss": 0.00067, "percentile": 0.27466, "modified": "2023-06-06"}, {"cve": "CVE-2020-35522", "epss": 0.00125, "percentile": 0.4574, "modified": "2023-06-06"}, {"cve": "CVE-2020-35523", "epss": 0.00198, "percentile": 0.56316, "modified": "2023-06-06"}, {"cve": "CVE-2020-35524", "epss": 0.00209, "percentile": 0.5752, "modified": "2023-06-06"}, {"cve": "CVE-2020-36330", "epss": 0.00204, "percentile": 0.57051, "modified": "2023-06-06"}, {"cve": "CVE-2020-36331", "epss": 0.00203, "percentile": 0.56971, "modified": "2023-06-06"}, {"cve": "CVE-2020-36332", "epss": 0.00128, "percentile": 0.46291, "modified": "2023-06-06"}, {"cve": "CVE-2021-20231", "epss": 0.0044, "percentile": 0.71113, "modified": "2023-05-27"}, {"cve": "CVE-2021-20232", "epss": 0.00605, "percentile": 0.75459, "modified": "2023-05-27"}, {"cve": "CVE-2021-20266", "epss": 0.00109, "percentile": 0.42533, "modified": "2023-05-27"}, {"cve": "CVE-2021-21409", "epss": 0.77039, "percentile": 0.97714, "modified": "2023-05-27"}, {"cve": "CVE-2021-22876", "epss": 0.00333, "percentile": 0.66904, "modified": "2023-05-27"}, {"cve": "CVE-2021-22898", "epss": 0.00166, "percentile": 0.51913, "modified": "2023-05-27"}, {"cve": "CVE-2021-22925", "epss": 0.00178, "percentile": 0.53632, "modified": "2023-05-27"}, {"cve": "CVE-2021-23840", "epss": 0.00316, "percentile": 0.65984, "modified": "2023-05-27"}, {"cve": "CVE-2021-23841", "epss": 0.00299, "percentile": 0.64929, "modified": "2023-05-27"}, {"cve": "CVE-2021-27645", "epss": 0.00047, "percentile": 0.14452, "modified": "2023-05-27"}, {"cve": "CVE-2021-28153", "epss": 0.00282, "percentile": 0.63858, "modified": "2023-05-27"}, {"cve": "CVE-2021-31535", "epss": 0.03259, "percentile": 0.89834, "modified": "2023-05-27"}, {"cve": "CVE-2021-3200", "epss": 0.00059, "percentile": 0.22775, "modified": "2023-05-27"}, {"cve": "CVE-2021-33560", "epss": 0.00127, "percentile": 0.46014, "modified": "2023-05-23"}, {"cve": "CVE-2021-33574", "epss": 0.00284, "percentile": 0.63973, "modified": "2023-05-23"}, {"cve": "CVE-2021-3426", "epss": 0.00061, "percentile": 0.24126, "modified": "2023-05-23"}, {"cve": "CVE-2021-3445", "epss": 0.00203, "percentile": 0.56906, "modified": "2023-05-23"}, {"cve": "CVE-2021-3481", "epss": 0.00049, "percentile": 0.16348, "modified": "2023-05-23"}, {"cve": "CVE-2021-3572", "epss": 0.00057, "percentile": 0.21809, "modified": "2023-05-23"}, {"cve": "CVE-2021-3580", "epss": 0.00128, "percentile": 0.46239, "modified": "2023-05-23"}, {"cve": "CVE-2021-35942", "epss": 0.00509, "percentile": 0.73173, "modified": "2023-05-23"}, {"cve": "CVE-2021-36084", "epss": 0.00067, "percentile": 0.27482, "modified": "2023-05-23"}, {"cve": "CVE-2021-36085", "epss": 0.00052, "percentile": 0.18234, "modified": "2023-05-23"}, {"cve": "CVE-2021-36086", "epss": 0.00052, "percentile": 0.18234, "modified": "2023-05-23"}, {"cve": "CVE-2021-36087", "epss": 0.00055, "percentile": 0.20736, "modified": "2023-05-23"}, {"cve": "CVE-2021-3712", "epss": 0.00396, "percentile": 0.69579, "modified": "2023-05-23"}, {"cve": "CVE-2021-37136", "epss": 0.00181, "percentile": 0.53879, "modified": "2023-05-23"}, {"cve": "CVE-2021-37137", "epss": 0.00181, "percentile": 0.53879, "modified": "2023-05-23"}, {"cve": "CVE-2021-3778", "epss": 0.001, "percentile": 0.40148, "modified": "2023-05-23"}, {"cve": "CVE-2021-3796", "epss": 0.00095, "percentile": 0.38857, "modified": "2023-05-23"}, {"cve": "CVE-2021-3800", "epss": 0.00053, "percentile": 0.18868, "modified": "2023-05-23"}, {"cve": "CVE-2021-42574", "epss": 0.00388, "percentile": 0.69279, "modified": "2023-05-23"}, {"cve": "CVE-2021-43527", "epss": 0.0034, "percentile": 0.67164, "modified": "2023-05-23"}, {"cve": "CVE-2021-44228", "epss": 0.97565, "percentile": 0.99997, "modified": "2023-05-23"}, {"cve": "CVE-2021-45046", "epss": 0.96312, "percentile": 0.99271, "modified": "2023-05-23"}], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://access.redhat.com/errata/RHSA-2021:5128", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "immutableFields": [], "lastseen": "2023-08-16T15:27:36", "viewCount": 34, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY33.ASC", "OPENSSL_ADVISORY34.ASC", "RPM_ADVISORY.ASC"]}, {"type": "akamaiblog", "idList": ["AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F", "AKAMAIBLOG:7E872DA472DB19F259EC6E0D8CA018FF", "AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D", "AKAMAIBLOG:B0DBF0121097FA293565FB7E66E09AB3"]}, {"type": "almalinux", "idList": ["ALSA-2021:4160", "ALSA-2021:4162", "ALSA-2021:4172", "ALSA-2021:4198", "ALSA-2021:4231", "ALSA-2021:4241", "ALSA-2021:4288", "ALSA-2021:4326", "ALSA-2021:4358", "ALSA-2021:4368", "ALSA-2021:4373", "ALSA-2021:4374", "ALSA-2021:4382", "ALSA-2021:4385", "ALSA-2021:4386", "ALSA-2021:4387", "ALSA-2021:4396", "ALSA-2021:4399", "ALSA-2021:4408", "ALSA-2021:4409", "ALSA-2021:4424", "ALSA-2021:4426", "ALSA-2021:4451", "ALSA-2021:4455", "ALSA-2021:4464", "ALSA-2021:4489", "ALSA-2021:4510", "ALSA-2021:4511", "ALSA-2021:4513", "ALSA-2021:4517", "ALSA-2021:4585", "ALSA-2021:4586", "ALSA-2021:4587", "ALSA-2021:4590", "ALSA-2021:4591", "ALSA-2021:4592", "ALSA-2021:4593", "ALSA-2021:4594", "ALSA-2021:4595", "ALSA-2021:4649", "ALSA-2021:4743", "ALSA-2021:4903", "ALSA-2021:5226", "ALSA-2022:8418"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-17594", "ALPINE:CVE-2019-17595", "ALPINE:CVE-2019-18218", "ALPINE:CVE-2019-19603", "ALPINE:CVE-2020-12762", "ALPINE:CVE-2020-13435", "ALPINE:CVE-2020-14145", "ALPINE:CVE-2020-14155", "ALPINE:CVE-2020-16135", "ALPINE:CVE-2020-35521", "ALPINE:CVE-2020-35522", "ALPINE:CVE-2020-35523", "ALPINE:CVE-2020-35524", "ALPINE:CVE-2021-20231", "ALPINE:CVE-2021-20232", "ALPINE:CVE-2021-20266", "ALPINE:CVE-2021-22876", "ALPINE:CVE-2021-22898", "ALPINE:CVE-2021-22925", "ALPINE:CVE-2021-23840", "ALPINE:CVE-2021-23841", "ALPINE:CVE-2021-28153", "ALPINE:CVE-2021-31535", "ALPINE:CVE-2021-33560", "ALPINE:CVE-2021-3426", "ALPINE:CVE-2021-3580", "ALPINE:CVE-2021-3712", "ALPINE:CVE-2021-3778", "ALPINE:CVE-2021-3796", "ALPINE:CVE-2021-42574", "ALPINE:CVE-2021-43527"]}, {"type": "altlinux", "idList": ["172377A713A918D5853CA3E9B24EFF85", "89F0D4F86DAB22E731CEDBDF0D21012B", "9010C82E1F47A1ADFFAA739AF4943069", "95ECE16D0980574891228C3A05C49552", "9CE55D48D2FFB74A4B98155431C8E21C", "9D2841FDAF3B365C07846E9A228B2154", "A201D1878E1541D6F378F3244F308AD9", "B0DA0CE217A75449EFDF514507A4B5A7", "D7980395816322070BF99D4E21FF91EF", "F87DD1A08F8DC835F8FCE2C0EB96CF99"]}, {"type": "amazon", "idList": ["ALAS-2019-1326", "ALAS-2020-1381", "ALAS-2021-1482", "ALAS-2021-1498", "ALAS-2021-1500", "ALAS-2021-1504", "ALAS-2021-1509", "ALAS-2021-1517", "ALAS-2021-1541", "ALAS-2021-1552", "ALAS-2021-1553", "ALAS-2021-1554", "ALAS-2021-1612", "ALAS-2021-1728", "ALAS-2022-1578", "ALAS-2022-1580", "ALAS-2022-1601", "ALAS-2022-1625", "ALAS-2023-1740", "ALAS-2023-1742", "ALAS-2023-1748", "ALAS2-2019-1370", "ALAS2-2020-1442", "ALAS2-2020-1492", "ALAS2-2021-1608", "ALAS2-2021-1612", "ALAS2-2021-1640", "ALAS2-2021-1653", "ALAS2-2021-1679", "ALAS2-2021-1686", "ALAS2-2021-1700", "ALAS2-2021-1703", "ALAS2-2021-1714", "ALAS2-2021-1721", "ALAS2-2021-1722", "ALAS2-2021-1728", "ALAS2-2021-1730", "ALAS2-2021-1731", "ALAS2-2021-1732", "ALAS2-2022-1736", "ALAS2-2022-1739", "ALAS2-2022-1742", "ALAS2-2022-1769", "ALAS2-2022-1773", "ALAS2-2022-1780", "ALAS2-2022-1784", "ALAS2-2022-1806", "ALAS2-2022-1818", "ALAS2-2023-1952", "ALAS2-2023-1953", "ALAS2-2023-1954", "ALAS2-2023-1955", "ALAS2-2023-2031", "ALAS2-2023-2048", "ALAS2-2023-2058", "ALAS2-2023-2079"]}, {"type": "amd", "idList": ["AMD-SB-1034"]}, {"type": "androidsecurity", "idList": ["ANDROID:ANDROID-11"]}, {"type": "apple", "idList": ["APPLE:1451472D328FDFE3DC99DD199D7D7CB9", "APPLE:251C897D47AD6A2DB0B7E3792A81C425", "APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:4B24B474978FAA0D4305A8A3C49C9CB5", "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "APPLE:60998B3B940109A56BF6379394ED5080", "APPLE:7B414D7D6363796AB8F0EB89C5EEC383", "APPLE:8592A5882F33472850FF959BB2667129", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:9AAA600C4496E1F352EC9F07A8BDC39B", "APPLE:B08BBADEFC88806E12CB234F1EB6C4C6", "APPLE:B42E67860AD9D9F5B9307A29A1189DF0", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:CABE34499864F4FA47751E5A9FCC58AC", "APPLE:F4733CD8CAEEC05AE6BBB1A2AAC1D5EF", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211850", "APPLE:HT211931", "APPLE:HT211935", "APPLE:HT211952", "APPLE:HT212147"]}, {"type": "archlinux", "idList": ["ASA-202001-2", "ASA-202102-42", "ASA-202103-1", "ASA-202105-12", "ASA-202106-28", "ASA-202106-4", "ASA-202106-5", "ASA-202106-6", "ASA-202106-7", "ASA-202106-8", "ASA-202106-9", "ASA-202107-59", "ASA-202107-60", "ASA-202107-61", "ASA-202107-62", "ASA-202107-63", "ASA-202107-64", "ASA-202112-3", "ASA-202112-4"]}, {"type": "arista", "idList": ["ARISTA:0070"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BAM-21479", "ATLASSIAN:BSERV-13033", "ATLASSIAN:CONFSERVER-74534", "ATLASSIAN:FE-7366", "ATLASSIAN:JRASERVER-72978", "ATLASSIAN:JSDSERVER-10843", "BAM-21479", "BSERV-13033", "CONFSERVER-74534", "CRUC-8529", "FE-7366", "FE-7368", "JRASERVER-72978", "JSDSERVER-10843"]}, {"type": "attackerkb", "idList": ["AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94", "AKB:21AD0A36-A0AA-486B-A379-B47156286E9E", "AKB:3191CCF9-DA8E-43DF-8152-1E3A5D1A3C45", "AKB:398CAD69-31E4-4276-B510-D93B2C648A74", "AKB:B1318EAC-2E60-4695-B63B-2D10DAAA5B0E", "AKB:F2A441BA-2246-446C-9B34-400B2F3DD77B"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987", "AVLEONOV:469525DB37AAC7A2242EE80C1BCBC8DB", "AVLEONOV:89C75127789AC2C132A3AA403F035902", "AVLEONOV:FEA9E4494A95F04BD598867C8CA5D246"]}, {"type": "broadcom", "idList": ["BSNSA22345", "BSNSA22348"]}, {"type": "centos", "idList": ["CESA-2021:2328", "CESA-2021:3296", "CESA-2021:3798", "CESA-2021:4033", "CESA-2021:4904"]}, {"type": "cert", "idList": ["VU:930724", "VU:999008"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0936"]}, {"type": "checkpoint_security", "idList": ["CPS:SK176865", "CPS:SK177428"]}, {"type": "chrome", "idList": ["GCSA-2870888737834917444", "GCSA-3475418297324307253"]}, {"type": "cisa", "idList": ["CISA:006B1DC6A817621E16EEB4560519A418", "CISA:380E63A9EAAD85FA1950A6973017E11B", "CISA:45B6D68A097309E99D8E7192B1E8A8BE", "CISA:6C962B804E593B231FDE50912F4D093A", "CISA:8367DA0C1A6F51FB2D817745BB204C48", "CISA:918B5EC3622C761B0424597D3F7AFF7C", "CISA:920F1DA8584B18459D4963D91C8DDA33", "CISA:F3C70D08CAE58CBD29A5E5ED6B2AE473"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-44228", "CISA-KEV-CVE-2021-45046"]}, {"type": "cisco", "idList": ["CISCO-SA-APACHE-LOG4J-QRUKNEBD"]}, {"type": "citrix", "idList": ["CTX335705"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:040F4CCCBFA0D40A833FE27260678A99", "CFOUNDRY:049D460DC2B677ECC554056DE1D0C89E", "CFOUNDRY:1550CCC59E355E3813D1C89B0774C2F9", "CFOUNDRY:163520ADA147AB65CEF40BB75A4D46C0", "CFOUNDRY:177BD11FEDF3F89426E99286BC7DC46B", "CFOUNDRY:1F5D3929DF559E968A272106B5A4B189", "CFOUNDRY:26376A1BD4B7C64EDDE25DF6FFD71812", "CFOUNDRY:2678661DA7C206FDBAA0DA5F4E04CEEF", "CFOUNDRY:4A3B7352F688F5DDE0F38F4DA0142F6C", "CFOUNDRY:5FED86D0D8C258D157F6DA659FC59DF3", "CFOUNDRY:64D4C15163392A9C4210B029935460D1", "CFOUNDRY:690C01663F820378948F8CF2E2405F72", "CFOUNDRY:69ABD678D2A3A5E6383EDFB3B6F9B824", "CFOUNDRY:6AAA637C3916EA2A44D93B95BEA9728B", "CFOUNDRY:6BFE4778EE08B8FDF49AB030FE4D7D65", "CFOUNDRY:6F549C15AA8101FE972631A08A5F16F0", "CFOUNDRY:725EC2E9F7A1F604450100F0F7DDC79D", "CFOUNDRY:7A7B4FB74B9DE9F3EAF1D3E48B048B68", "CFOUNDRY:7CCE0B0CA4C32E297BEADD4E79F7EBE9", "CFOUNDRY:7CFA05FF63DADFE32E3B6B3CFD30F896", "CFOUNDRY:830AB4ADEDF5AA0A08E570327397217B", "CFOUNDRY:9132435B30C67C7B8454D7B514BADD53", "CFOUNDRY:9AC404297487E90478F35DA3FFC8D7E6", "CFOUNDRY:9D68ED6016BE103A2C54B6BFC20E2063", "CFOUNDRY:AA356DA8CD5E3C69DBEE45AEF6C8C74F", "CFOUNDRY:C51D5E136965C2018AA261ADFD5CD91D", "CFOUNDRY:F0013A3F6D5B90D6F83A023B5EDD0066", "CFOUNDRY:FAA30968EB5FC787D7DD15251E2F2C77", "CFOUNDRY:FB5174E74D1A073C60E381A1D393BB5D"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1614885634", "CLSA-2021:1617285762", "CLSA-2021:1623075923", "CLSA-2021:1629395067", "CLSA-2021:1632261785", "CLSA-2021:1632261872", "CLSA-2021:1632261944", "CLSA-2021:1632262317", "CLSA-2021:1633965229", "CLSA-2021:1634745118", "CLSA-2021:1638804230", "CLSA-2021:1640002354", "CLSA-2022:1642084196", "CLSA-2022:1665428177"]}, {"type": "cnvd", "idList": ["CNVD-2021-102398", "CNVD-2021-71263", "CNVD-2021-99302", "CNVD-2022-01776", "CNVD-2022-05533", "CNVD-2022-05534"]}, {"type": "cve", "idList": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3100", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-38604", "CVE-2021-4104", "CVE-2021-4125", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-43529", "CVE-2021-44228", "CVE-2021-44530", "CVE-2021-44569", "CVE-2021-44570", "CVE-2021-44571", "CVE-2021-44573", "CVE-2021-44574", "CVE-2021-44575", "CVE-2021-44576", "CVE-2021-44577", "CVE-2021-45046", "CVE-2022-0070", "CVE-2022-0552", "CVE-2022-23848", "CVE-2022-33915"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1969-1:4B7D2", "DEBIAN:DLA-2228-1:202D9", "DEBIAN:DLA-2228-1:4153C", "DEBIAN:DLA-2228-2:22D73", "DEBIAN:DLA-2228-2:97FFF", "DEBIAN:DLA-2261-1:D5D5B", "DEBIAN:DLA-2301-1:BC2C9", "DEBIAN:DLA-2301-1:D8A44", "DEBIAN:DLA-2303-1:3427F", "DEBIAN:DLA-2303-1:761C9", "DEBIAN:DLA-2340-1:34DF9", "DEBIAN:DLA-2381-1:C9B4B", "DEBIAN:DLA-2563-1:7D5FC", "DEBIAN:DLA-2563-1:B363B", "DEBIAN:DLA-2565-1:2FCB7", "DEBIAN:DLA-2565-1:CC1A3", "DEBIAN:DLA-2619-1:8192B", "DEBIAN:DLA-2664-1:7F2B8", "DEBIAN:DLA-2666-1:1352A", "DEBIAN:DLA-2672-1:4D320", "DEBIAN:DLA-2677-1:28A45", "DEBIAN:DLA-2691-1:57A3E", "DEBIAN:DLA-2694-1:F9B4F", "DEBIAN:DLA-2708-1:E46E3", "DEBIAN:DLA-2734-1:488E8", "DEBIAN:DLA-2760-1:AB0C9", "DEBIAN:DLA-2766-1:9EFDC", "DEBIAN:DLA-2774-1:D8CE0", "DEBIAN:DLA-2836-1:5E8DF", "DEBIAN:DLA-2836-2:04B5B", "DEBIAN:DLA-2842-1:95CB4", "DEBIAN:DLA-2876-1:15A8F", "DEBIAN:DLA-2885-1:0A4E0", "DEBIAN:DLA-2895-1:B4895", "DEBIAN:DLA-3044-1:84458", "DEBIAN:DLA-3085-1:091D8", "DEBIAN:DLA-3110-1:B88CA", "DEBIAN:DLA-3152-1:9B676", "DEBIAN:DLA-3268-1:F6EEB", "DEBIAN:DSA-4500-1:C7649", "DEBIAN:DSA-4500-1:FB1AD", "DEBIAN:DSA-4550-1:A59B3", "DEBIAN:DSA-4606-1:01C21", "DEBIAN:DSA-4606-1:D7F34", "DEBIAN:DSA-4741-1:EFC32", "DEBIAN:DSA-4855-1:4A0C0", "DEBIAN:DSA-4855-1:B091B", "DEBIAN:DSA-4869-1:6F57F", "DEBIAN:DSA-4881-1:5FAC1", "DEBIAN:DSA-4885-1:31BC0", "DEBIAN:DSA-4920-1:9BEA0", "DEBIAN:DSA-4920-1:E3102", "DEBIAN:DSA-4930-1:83549", "DEBIAN:DSA-4933-1:33C31", "DEBIAN:DSA-4933-1:B1877", "DEBIAN:DSA-4963-1:90BFC", "DEBIAN:DSA-4963-1:DA7BC", "DEBIAN:DSA-5016-1:44436", "DEBIAN:DSA-5020-1:32A64", "DEBIAN:DSA-5022-1:D26EE", "DEBIAN:DSA-5197-1:EFC47", "DEBIAN:DSA-5316-1:4E3C8"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-20673", "DEBIANCVE:CVE-2018-25009", "DEBIANCVE:CVE-2018-25010", "DEBIANCVE:CVE-2018-25012", "DEBIANCVE:CVE-2018-25013", "DEBIANCVE:CVE-2018-25014", "DEBIANCVE:CVE-2019-13750", "DEBIANCVE:CVE-2019-13751", "DEBIANCVE:CVE-2019-17594", "DEBIANCVE:CVE-2019-17595", "DEBIANCVE:CVE-2019-18218", "DEBIANCVE:CVE-2019-19603", "DEBIANCVE:CVE-2019-20838", "DEBIANCVE:CVE-2019-5827", "DEBIANCVE:CVE-2020-12762", "DEBIANCVE:CVE-2020-13435", "DEBIANCVE:CVE-2020-14145", "DEBIANCVE:CVE-2020-14155", "DEBIANCVE:CVE-2020-16135", "DEBIANCVE:CVE-2020-17541", "DEBIANCVE:CVE-2020-24370", "DEBIANCVE:CVE-2020-35521", "DEBIANCVE:CVE-2020-35522", "DEBIANCVE:CVE-2020-35523", "DEBIANCVE:CVE-2020-35524", "DEBIANCVE:CVE-2020-36330", "DEBIANCVE:CVE-2020-36331", "DEBIANCVE:CVE-2020-36332", "DEBIANCVE:CVE-2021-20231", "DEBIANCVE:CVE-2021-20232", "DEBIANCVE:CVE-2021-20266", "DEBIANCVE:CVE-2021-21409", "DEBIANCVE:CVE-2021-22876", "DEBIANCVE:CVE-2021-22898", "DEBIANCVE:CVE-2021-22925", "DEBIANCVE:CVE-2021-23840", "DEBIANCVE:CVE-2021-23841", "DEBIANCVE:CVE-2021-27645", "DEBIANCVE:CVE-2021-28153", "DEBIANCVE:CVE-2021-31535", "DEBIANCVE:CVE-2021-3200", "DEBIANCVE:CVE-2021-33560", "DEBIANCVE:CVE-2021-33574", "DEBIANCVE:CVE-2021-3426", "DEBIANCVE:CVE-2021-3445", "DEBIANCVE:CVE-2021-3481", "DEBIANCVE:CVE-2021-3572", "DEBIANCVE:CVE-2021-3580", "DEBIANCVE:CVE-2021-35942", "DEBIANCVE:CVE-2021-36084", "DEBIANCVE:CVE-2021-36085", "DEBIANCVE:CVE-2021-36086", "DEBIANCVE:CVE-2021-36087", "DEBIANCVE:CVE-2021-3712", "DEBIANCVE:CVE-2021-37136", "DEBIANCVE:CVE-2021-37137", "DEBIANCVE:CVE-2021-3778", "DEBIANCVE:CVE-2021-3796", "DEBIANCVE:CVE-2021-3800", "DEBIANCVE:CVE-2021-38604", "DEBIANCVE:CVE-2021-4104", "DEBIANCVE:CVE-2021-42574", "DEBIANCVE:CVE-2021-43527", "DEBIANCVE:CVE-2021-43529", "DEBIANCVE:CVE-2021-44228", "DEBIANCVE:CVE-2021-45046"]}, {"type": "exploitdb", "idList": ["EDB-ID:50590", "EDB-ID:50592", "EDB-ID:51183"]}, {"type": "f5", "idList": ["F5:K02219239", "F5:K14760551", "F5:K19026212", "F5:K19559038", "F5:K22415133", "F5:K24554520", "F5:K24624116", "F5:K31878120", "F5:K32171392", "F5:K34002344", "F5:K43700555", "F5:K48050136", "F5:K54450124", "F5:K74013101"]}, {"type": "fedora", "idList": ["FEDORA:0492F3055F3A", "FEDORA:09DA530946F5", "FEDORA:0A343304CB93", "FEDORA:0BA8230F3B81", "FEDORA:19CF8305D42F", "FEDORA:20B1830A0724", "FEDORA:24541309E0C8", "FEDORA:2D1BB31397C7", "FEDORA:2FB16636512C", "FEDORA:33F5F3096E54", "FEDORA:344EE312AD63", "FEDORA:3F9753052E9C", "FEDORA:40F4C30A9F42", "FEDORA:4863E3093F4C", "FEDORA:4D6AD6087D20", "FEDORA:51E773072E1C", "FEDORA:548FD3102AB0", "FEDORA:5697830B6819", "FEDORA:57A373072E82", "FEDORA:589CF30BDEBA", "FEDORA:58B4460D22EC", "FEDORA:58EA560560A9", "FEDORA:59A883072F03", "FEDORA:59AA230A7074", "FEDORA:62E10307F96A", "FEDORA:662DB3076C1C", "FEDORA:696B1301E456", "FEDORA:69F08305D42D", "FEDORA:6E91660E154C", "FEDORA:70256616B2FD", "FEDORA:764143099EED", "FEDORA:79CAE30A5759", "FEDORA:8234B30528F7", "FEDORA:8267A3072636", "FEDORA:83CB5312AD6E", "FEDORA:841B6304C3CD", "FEDORA:8E873309A61B", "FEDORA:91F3430B4C91", "FEDORA:9276A604C5FD", "FEDORA:9471A606D8C2", "FEDORA:95A5B306879A", "FEDORA:A0EF6613BB10", "FEDORA:A46793091C12", "FEDORA:A5A703103140", "FEDORA:AAF643072F13", "FEDORA:AFC9E304C77D", "FEDORA:AFD5E606ED5A", "FEDORA:B050060758B6", "FEDORA:B0DC3307F42B", "FEDORA:B14C530A6A1B", "FEDORA:B2561309E0E7", "FEDORA:B26D730EC2B6", "FEDORA:B4277665BA1C", "FEDORA:B459630CC2D1", "FEDORA:B5C2330A707B", "FEDORA:C3ED760C452F", "FEDORA:C5FD46089669", "FEDORA:C7E413533E64", "FEDORA:CA2F130B268C", "FEDORA:D1BE0309E3C6", "FEDORA:D1ECA309D9B4", "FEDORA:D303630E6E8E", "FEDORA:D9D67604AF39", "FEDORA:DA89631A6294", "FEDORA:E2E153060992", "FEDORA:E526F603B29C", "FEDORA:EB3AF3096E5D", "FEDORA:ECBFB316C4D4", "FEDORA:F0DF83075DC8", "FEDORA:F113230AA459"]}, {"type": "fortinet", "idList": ["FG-IR-21-245"]}, {"type": "freebsd", "idList": ["0A305431-BC98-11EA-A051-001B217B3468", "1EA05BB8-5D74-11EC-BB1E-001517A2E1A4", "2F3CD69E-7DEE-11EB-B92E-0022489AD614", "381DEEBB-F5C9-11E9-9C4F-74D435E60B7C", "3FADD7E4-F8FB-45A0-A218-8FD6423C338F", "47695A9C-5377-11EC-8BE6-D4C9EF517024", "4B1AC5A3-5BD4-11EC-8602-589CFC007716", "515DF85A-5CD7-11EC-A16D-001517A2E1A4", "56BA4513-A1BE-11EB-9072-D4C9EF517024", "58D6ED66-C2E8-11EB-9FB0-6451062F0F7A", "650734B2-7665-4170-9A0A-EECED5E10A5E", "7262F826-795E-11EC-8BE6-D4C9EF517024", "93A1C9A7-5BEF-11EC-A47A-001517A2E1A4", "96811D4A-04EC-11EC-9B84-D4C9EF517024", "96A21236-707B-11EB-96D8-D4C9EF517024", "AA646C01-EA0D-11EB-9B84-D4C9EF517024", "ABC3EF37-95D4-11EA-9004-25FADB81ABF4", "B0F49CB9-6736-11EC-9EEA-589CFC007716", "B1194286-958E-11EB-9C34-080027F515EA", "C4AC9C79-AB37-11EA-8B5E-B42E99A1B9C3", "F671C282-95EF-11EB-9C34-080027F515EA"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-20:22.SQLITE", "FREEBSD_ADVISORY:FREEBSD-SA-21:16.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-21:17.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-202003-08", "GLSA-202003-16", "GLSA-202003-24", "GLSA-202006-13", "GLSA-202007-26", "GLSA-202011-05", "GLSA-202101-28", "GLSA-202103-03", "GLSA-202104-04", "GLSA-202104-06", "GLSA-202105-16", "GLSA-202105-35", "GLSA-202105-36", "GLSA-202107-07", "GLSA-202107-13", "GLSA-202107-43", "GLSA-202208-24", "GLSA-202208-32", "GLSA-202209-02", "GLSA-202210-02", "GLSA-202210-09", "GLSA-202210-13", "GLSA-202212-01", "GLSA-202212-05"]}, {"type": "github", "idList": ["GHSA-3QPM-H9CH-PX3C", "GHSA-5XP3-JFQ3-5Q8X", "GHSA-7RJR-3Q55-VV33", "GHSA-84RM-QF37-FGC2", "GHSA-9VJP-V76F-G363", "GHSA-F256-J965-7F32", "GHSA-FP5R-V3W9-4333", "GHSA-GRG4-WF29-R9VV", "GHSA-J3CH-VJPH-8Q6V", "GHSA-J7C3-96RF-JRRP", "GHSA-JFH8-C2JP-5V3Q", "GHSA-MF4F-J588-5XM8", "GHSA-Q9WJ-F4QW-6VFJ", "GHSA-QGM6-9472-PWQ7", "GHSA-V57X-GXFJ-484Q", "GITHUB:070AFCDE1A9C584654244E41373D86D8", "GITHUB:D32BE0B8A571761A967462652837D28F"]}, {"type": "githubexploit", "idList": ["00264586-32AF-5469-819B-90FBDA0B6FF2", "00423BD1-64DA-5DB0-848E-1BACC0883E15", "0099FB22-A94E-5D32-9BC4-2EC6D5CFFA9C", "016A0841-D1FF-5056-B062-0D08FCE624CB", "0241DC13-63CB-580C-BDC6-78F8BB03567D", "024D29D3-309F-5B7F-B8C9-2AF149F9A213", "030066BA-6C48-5AD9-9EAF-11DECB6A3930", "034AFC0C-D411-5F4A-BBAB-630A6C972933", "03C230DA-F801-5660-BF8E-AB8F44E2755C", "0420DA06-BC6E-5B30-8BA3-E30BDE351E15", "0568D2CD-87AF-5D34-AA65-868B1DDA0A89", "0577D04A-4517-5872-B4C0-E45DD6246D88", "066BA250-177D-5017-9AC2-6B948A465ABC", "06D271D5-7A61-5692-9778-7F521D52F980", "0793D7AB-F57C-5832-B456-4057704CAEC9", "07C462E5-20A3-5023-B363-47E1B0C1AE4E", "09509FA9-9FC3-5B64-900D-F0842DC8BCF7", "09F9BA9F-83A2-52EF-81A0-214FCD9E240D", "0A26B4F0-3175-58BE-9CE7-133C9D85E181", "0ABA9FB5-93DD-59F1-9580-232DBFBB4AD8", "0B1484CA-22A0-50C8-9FDE-1E07AD2BBF96", "0B596CD2-49C7-50A8-A43C-8DE3027EC2B7", "0BC62E37-D6E2-5B2C-BF89-3E00D98D2E30", "0C734DE8-002A-5611-8897-213D53D85089", "0C98B78F-B467-5298-825B-05ECB4EE2653", "0CBB2E72-C52F-59B6-BD73-DBDD206C4C35", "0CEA12C7-97F6-5BF5-88FF-6797542A037F", "0D243A34-B42E-5007-90D0-A30ECABDA204", "0D4B651A-4424-55FE-B496-1BB733DE7EE2", "0D6ADE4E-8BA2-5BA9-94CB-ED90234A9B5C", "0E43C674-363B-53C2-8686-6F412A995AF4", "0E47338D-BDC0-510A-BC15-093F2E1DEF2C", "0E8471F7-D213-552B-ABD8-B3B1FAD4B910", "1097EF60-FC77-5135-B92B-4A84B46FABAF", "114D719E-11FD-5F49-982D-CB278A7796DB", "11719BED-E629-5C79-944E-7E40BBFC460C", "126A30D2-0273-510B-B34A-DF7AE6E0C1C0", "129B39DD-AB9E-54F0-B6B4-5EA17F29B7DF", "12AAE278-1B08-5F3E-AC28-8EC928D3D7C8", "13542749-F70C-5BAA-A20C-8A464D612535", "1370FA0C-A273-5E82-9EEB-7E2E5628D23E", "13EDAA06-F1A5-5097-AD3A-3D6129C325A7", "141F2E38-979B-50B5-B649-96785B255523", "14482532-2406-58DF-89FF-30B085015257", "149F99C3-6B62-5255-8DA6-A0370E6ED5F7", "14E4E272-9457-53A0-ADD5-F91385D04FCD", "161B70B2-DFA5-54B6-A4CE-45B79999AAC6", "16B2ABBF-5997-58A1-A4C9-0161F64D116C", "16C11F1E-B5B4-508E-8238-6BF3458B34D3", "16EB55EE-7CC4-58C7-86AC-E9FD7066B5F1", "170912E2-BB33-5CB8-AD90-C0A737FCAC5E", "1713E8B5-FB61-5B95-8337-AC6691ECF711", "17BD376D-CB3D-5068-BA1A-79A1B280D87A", "17C204F9-DD70-5EFB-89D4-B642E65FAF99", "1AD6F414-6637-555A-AA79-BEE90EDB10AB", "1B11A8A4-B07C-580C-AF38-33A50B17B19A", "1B8CBBEC-5ABA-5792-8D2A-A51EB4CC6352", "1C354B89-0050-508B-98F4-B43CBD84F364", "1CC6B535-3451-5066-8C2E-94551FEC545E", "1CCC4512-40AB-5F72-9913-3D894DB4676F", "1D3D13FB-46D9-572A-A304-FEEC4619D37B", "1E085D9B-26F5-5960-938C-AEB76BCE61D8", "1E62A076-94ED-5061-AE4F-432BB8D7A59C", "210D354B-2338-5AA4-BB87-981C2D2BAA06", "21AACF78-8053-529E-909E-B6D5158008AC", "21B5671D-2A35-52FF-9702-380A32B96260", "21F23081-849E-5B0D-AB61-A8EB37CA0B38", "22AAF71B-053F-5E71-9F26-039C48FCCD62", "22C2FC0C-2C78-5EF7-B21B-5B76E82E2E99", "22C736D4-4179-585F-990B-A40436F65461", "231364E1-A2B1-558A-B805-F242AA97B13F", "23A2D479-181C-599C-9C0F-9A2FF201348F", "2421E200-716C-5F29-84C0-DD8B9C41D92E", "24682F53-DE0E-5967-AAC7-98806644A14C", "24751999-698F-5052-988C-193144F85A39", "254068B4-97B4-5DCF-A60F-5206B6DD230E", "25BF935A-DFB8-5180-B091-8A08629BDC4C", "26905C55-5DC7-5275-A0AF-FAF06685612E", "26FD2B5F-2952-5624-8CB5-3ECD4480DA87", "27760EBF-2681-5AF4-B884-18C8BED5127A", "27D73012-7283-5C8D-8197-BBAE1964DEE3", "29A41C2D-FF26-591A-A88B-DDB396742BBC", "2A95146E-A404-5015-9D39-293C8EAFF4B6", "2AA77664-83AA-50B1-9F4E-37CC67A5CFAC", "2AF28508-1272-5281-BDB7-B44D3EFC7C72", "2AF7350D-AB79-5AB5-8AF9-0F351CE13D30", "2B297EB1-A602-5F7B-B21B-C34BC6EB4308", "2D2BE5CB-742A-5912-9D88-75365533F9E2", "2E7FF2D4-97E7-54F5-A5C8-EACD22FCF303", "2E946B1D-12B1-56D1-A72E-A3026C240B1D", "2EACBFB9-2956-564B-A859-6C85EF9F785A", "2F657CD7-51C1-50EC-9E70-D422A0CCB2B0", "2F792C33-6CC6-58F1-9166-4DEA421DE2C3", "2F83846E-DF16-5074-98CB-01158DE1C6C6", "30BD2114-A602-52D3-908F-8B66A46F1A8C", "30C6DF99-400E-539F-AA8D-39E7407F4796", "31E7D7EA-2E1F-59D8-8BD7-81B8A4894F91", "32BB43C3-F80D-5CBF-83AD-55BD38C2A440", "342CC1B7-6E24-5767-A7B1-90B95A91B503", "34DFC7F1-8012-5B3A-B9F1-EFEDB5F89D1D", "3549B000-260E-5A24-9573-935F898D149C", "356A7EC9-4E47-52B9-856C-0215B3D9C70E", "35A70212-DFFC-5B38-8294-2B835B8080DE", "371D4A15-51B5-520B-B31D-856E557695FD", "3734D8ED-657E-5585-B181-DE9BE2D84456", "38AF0E71-397C-5A1E-B67C-5514D8F8ABC8", "39A13697-AF09-5E14-9DE2-045005EA9D85", "39D0749D-74E3-5D08-804A-6E7E52BCE692", "3A118B0C-1B94-5CA7-81D3-2A3230EB4DC9", "3A1D442B-2B5B-5DEA-9276-9A9B6C06C9DF", "3A8F706B-1F40-5DAB-AB25-BA023D568AFA", "3AAA878D-C72A-52A0-A5B6-0977BAF6F01D", "3ACF6BFE-C853-50C6-BD49-B76794B8BA53", "3B7408B1-9041-550E-9CB8-83E5F609C37B", "3D8E1FE1-17FA-5A92-B109-DEDB55A6BEAB", "3DF3AA17-94C8-5E17-BCB8-F806D1746CDF", "3DFE8091-03AE-565B-A198-BD509784502C", "3E142E8E-743B-5786-9EB8-0FED1933F71D", "3E66E49D-6A9B-530D-AF77-12B96257655A", "3EA1CA63-F1F5-5A86-AB97-E327DAE18E93", "3FB46D12-73E5-58EF-BC2A-4FC103B8FF72", "4066A0A4-284D-5ECC-A476-ADDA61AF9A76", "4096BFF5-03AE-5DA0-8AD6-85D69E2570C1", "40C633CE-4DD0-586D-8773-760E9A70FFBD", "4142DC43-FEB5-5B62-B8C7-B2A4DEB336A6", "42098CCD-C708-53FC-B3CD-5A8356B69359", "423CC97A-8BDD-56B9-9449-FC05A902AEC1", "4288177C-C609-5D55-A845-D6785929AB4D", "43159333-A26E-5929-A289-0C84DDCF9DEA", "43A7C9D3-EBB3-57B1-B8FB-C651B36501C2", "43CEFD04-EB9B-5765-AB94-8FF76127F1F6", "44463794-7940-582A-AFFF-676628A86A72", "444C7644-3DE2-57B2-ACF8-C2B157E07580", "44DBFE24-1B30-510A-8291-B7043C7FF654", "4557B39D-1DE6-59FA-AF6C-935E8BB15AE5", "45E71437-8181-5EB7-91BD-D6E4343DA0AB", "473FFDA9-E615-53B6-9A81-F98A1ABD700E", "47670E23-A165-5F5D-8C90-5C76DA1ADFEE", "479EB930-7609-5244-8E16-0D8689304D86", "4804958E-7699-5226-91C3-8110A4CBAB18", "48821FC8-9320-5568-88A3-9B2CC655ADAC", "4A0D603B-6526-5D1E-BADC-55B4775C354B", "4B070EB0-B690-5547-8809-F1A697118957", "4B1180FB-F4A3-5FCD-A8D2-65364D1EA9EC", "4B30BFBE-6FDC-5580-9C76-65EA4EBA5DAC", "4B38D813-5C4B-586B-930A-FDDD0FFF304B", "4BD74B8C-D553-57C6-AB15-6B899401AAA4", "4C6A108D-3631-56AD-8C3B-9677A228693B", "4CB3AC5D-871A-50AC-9037-FF9B2CBD474A", "4DBC05D1-8178-5715-953D-61ECC89104F4", "4E834790-A0F9-5830-88FE-F520B8FE3CBB", "4F11FB83-F6EC-5ED2-B08D-9D86D6104DC7", "4F57CC9C-B908-544E-92E7-92A49DE89B00", "4F757EF2-574B-55C7-A017-51DC8BB28C31", "4FBD8560-2AEB-5AD2-9CA3-4A72DEDDE929", "51879B5C-E36F-52B7-B92C-DBA73A21F67D", "5233D0F2-69A2-5220-8016-07D66C226F01", "52BA1465-B7E9-59C1-A20F-E38A5EAE272D", "52E35A88-6217-55CC-B812-4EE83CECD8EB", "53A3C2F6-6EF2-52C1-924B-F3A9C95C2A88", "542348EC-7B83-50E0-8F9B-B6AE9968059F", "547FC254-3B26-59EC-AF4D-E5954678AC3D", "54AB8DD9-4A52-50E4-9EE2-046EBD899FFD", "54E7D93D-9216-5EDE-A4AD-8324A367E67B", "54FE5E76-EAF4-5D84-B37F-06F12A6AFF71", "553C3CC1-0126-5554-8BE0-5F577271EBF9", "55AD7FBC-06FB-5D26-A3A6-F9E9D63D45AC", "5644D9A0-3A8F-52F3-AE3E-300C79911A07", "57742B88-2AA6-5788-825F-92A73CA85718", "578E61DA-1B13-5170-9DAC-60D30F7F8C99", "58ACC402-1947-5FE3-9D08-021A4EFEC48A", "5A5A28A1-2601-54F3-BA06-BCFF1A9DCCA5", "5ABB537C-AD08-57E9-9A29-E747D7C29DE9", "5B1D95CD-139F-5304-8B13-BB4EDD912DFA", "5B342AC3-2399-581E-BB6A-2EF19BC35B0C", "5B6C990F-05A3-5D83-83DF-386A34FB8560", "5BCFB44C-A4FD-5890-AE9A-A60CC135A2F1", "5C040112-8DE7-57AA-B52D-BDD1965D02E3", "5C116D88-E2CC-5BC3-9A71-3174292E227D", "5CEF4882-D1D5-5861-944F-34E8868BF986", "5D72C8DC-DFFD-56F3-A7AC-9FA83C48F460", "5E633D2D-95D0-5498-840F-EA92BF2C5A00", "5E9FB294-1E29-5DE8-A6F6-6D25B08A31DC", "5FB1E3FD-68C6-50CF-85EF-DBFC0B133C24", "5FC55783-FDF5-5AD8-98B2-C1CBFB4EFCCA", "5FDC1BB6-C937-5F78-BB2D-71584272E00A", "604B2FE5-9DF8-5C70-878D-2CCFAA39A6C1", "6083DCC3-CA9C-58A4-9FBC-983DF1E52584", "608B43BB-B31C-5B8A-A962-A58902AEBF2E", "61AC9232-A772-5D63-9DFC-BFE4976418C7", "62F5F8D4-29D7-5B5C-82BC-3D56E7E8D027", "634605C6-F76D-5EDD-9986-EC4EC593168D", "63500AE8-A10A-5388-B314-001A4CFBDFBD", "6413E08F-7E60-50ED-932E-527F515A6C19", "645452DF-222B-51AD-963D-DB002A1FC803", "65EB18B2-8DBB-5A70-9080-C6DA4451D7E7", "6600C311-30E5-566D-98F1-AC47E752EBEA", "677CD9AF-0520-5216-A7CF-24A1830EDAFD", "67E20854-0E30-5FC1-9F24-6A60531BAFF6", "68DCAE72-CB86-55B9-9CB6-653918238C2B", "6A34D9C3-C290-5763-BAF4-F1D6351C4BA2", "6A4495E8-D723-5923-BB6A-B9EA838CF69B", "6AC0E68D-D6F7-55D9-A281-30D7E76D7556", "6BC5CBC6-5A96-5743-8FB7-CEDDF527C52A", "6CC29A1A-24F4-5961-89F9-E7B824C6F37C", "6D93189D-E2D8-5571-88D5-D778E1CB9C23", "6DA59A94-0CD1-5357-8F01-2BF3230F9017", "6E4D24C6-CAF4-5CCB-83A7-844F830C86FC", "6F10C51B-BF15-522B-B1CB-BA95361D556E", "6F20D8B7-C252-5759-B02B-F8E2C9D42E38", "6F251270-3935-58F4-835C-C9D26FA97CD6", "6F7E4100-F6E7-5C57-8A1B-89F03DCC53A6", "6F93E170-75AD-5F5C-B7CC-6C4CEAA695AB", "700E9EFF-DFA6-504F-8DD1-FB1A62E01721", "70582B5B-E1E6-5767-94A6-39740A96A052", "70EDCB3B-9053-5056-980C-AC3123913F04", "71594B4E-D7FE-534F-8E37-71A1EE08E2E9", "71D962ED-2525-53CE-88D0-D8CD92FB0C02", "743571E7-B8EE-5E77-B047-E2E001379ACE", "74A4D09D-9483-5842-A44A-9DA17D085AF5", "75180259-16B4-5B60-9913-BFC9A306560A", "75876A50-BD9B-5991-9E42-7A343A97C890", "76E7C0B8-1EE5-543A-A48E-E3AAEAA8BFF6", "76F0B9E8-D173-5309-9826-5880F8B35043", "76F6F494-8855-5F94-9675-4474FFFA65A1", "77BE16D3-FEC9-51E3-ADB4-250D5BE6CBD2", "780AD920-FF08-55C6-84C8-A8536C6F5527", "7865A97A-CD10-5E45-9429-CF5F72A6952B", "78C2256A-8ABF-5E34-9268-2EEC0C09E567", "78CE8E59-092E-5214-9D02-A3F5F62F22E9", "7948E878-9BFE-5FEB-90AE-14C32290452F", "798B7BE8-4F94-5D15-A93C-CFE73333BDC5", "799DA5B7-BCF7-56C7-80E8-EAF2351D78F1", "7A3F31B5-D371-54B1-A81B-3863FBC71F0E", "7B2DA44B-D36F-56A4-B4D8-376B8D2F5586", "7B48A97D-242D-55E0-8A13-BD2727C1261F", "7B9BDDBA-81E8-5739-B3F7-419C0D6E2316", "7BB30379-8D57-5FD7-A90C-1A24B1846A23", "7BCC0C24-A1F7-531E-B1BA-342D21C9AF02", "7D70E261-1C9F-517E-88BB-62776C7EE1F1", "7D82EDFA-5384-53C5-96AD-A99E88471129", "7F93036E-3036-56D2-97C5-CFAEAB8DB6F2", "8021D807-3EDC-55A7-A9ED-A364159FADEE", "817FB04E-AFFE-567B-8A2C-64C0A8923734", "81A94AF3-F3C2-5DAE-9C64-154CF9502B01", "865C5B8F-B074-5B0D-834A-E714EB00ADFC", "867C95E5-9596-5E6D-BC2F-FC7A610F3A3E", "8697646B-BC1C-5EEB-84C6-2F209E41B64E", "86CE8F3E-1859-58C8-97B5-8D53531EE22A", "87378E23-9FC7-5BA6-BA12-83E90D9581DD", "8ACDC1C6-CE43-5600-9F6F-644A7AD0DA2B", "8B324F0D-EA80-53B5-8ECF-EB5FC5C0EA13", "8D0CF3A6-EC3F-536C-A424-08879FF2F158", "8D604793-908D-5C35-A3EF-6D2688A10312", "8D6FB9A2-59E2-5565-A2C4-B00D9AE074CF", "8E16065C-63FB-554A-B463-A1E8582A334F", "8E1F0596-03B7-5FCC-8A29-3A8B45D02198", "8F15A064-7841-5899-84CE-8C298A269F83", "8F362564-1631-5AF9-BB38-D1BFC4678DAE", "8FB716EC-9A35-5F93-9759-B27A58B52CF8", "9227EA61-CA01-5E0A-AF8D-22B03C07A27A", "926942FE-1507-5B71-9266-0A5EDC38EE50", "9297A534-2B19-597A-8952-6EC15EE80BFF", "931205E1-36E0-52BF-A978-D4C326F6A32A", "9326CB66-BADC-5643-B118-F38C39A9E34C", "9327CBCC-5FA0-5155-9C98-3F1488EF2F57", "945E86E8-E114-5F51-991C-13742C6EF49E", "9470FC0C-FB21-50C3-B4E9-5AB439EE325C", "94966928-86D4-5285-9A57-CBDD8F2EF438", "94A8FFF1-6A48-57CB-9340-D6806F47EFA0", "94E003E0-82AE-5CFE-8818-DBA1610BDE3B", "95033F5C-FFFE-58C2-9799-C77E326ACD83", "952CB700-FA2F-5221-96B9-2656F967B63E", "958F00F1-C4FC-5213-82EA-290A530F859B", "977D06B3-F888-5FFF-8749-BF8AF7868ED6", "9790154B-5F28-5BD4-8541-6EAA8D3E2B36", "97D358EF-90F6-5D12-981B-DAFEB56F784F", "97F1C960-A343-5B1E-B261-4834CF80B790", "98F6C0C3-FC5E-5580-A148-55F2368B18C1", "99311B70-D3DF-51CC-A5BA-7CF852BB14AF", "99A0AA73-B93D-56EF-930D-4FD64A4F4D35", "9B0163DC-EE41-5E66-9AA8-A960262A2072", "9C874FAC-8640-5978-8C60-AF6528E5DF60", "9D8C431A-57F3-560C-8146-1232C2C029C2", "9DAC062A-CFE4-5BB0-983A-8BAB512CF589", "9E16D977-AA24-57C3-9BD1-98296F3186F5", "9E4C737D-2D3C-5A43-B638-E131903225BC", "9F3ABA17-E33A-5018-9DCB-AECDD8DE9DEE", "9FE4ADCA-7F2C-505F-AE74-C635FF2CDF75", "A19F503A-900B-5929-8182-4BD7B1043185", "A1E14906-26B2-5DF8-95E3-07736CC5DDF2", "A39E4181-7C85-5B10-B0F9-AD286D09BD2A", "A454A9CC-C18E-56A1-B166-1A0E244E0493", "A57FBD78-A654-5CEE-8291-163C8AFB7210", "A5B4FB6B-123B-544F-A4E4-46B0595C1C72", "A6308120-6A99-5D2D-A1F7-6384AC37959C", "AB5B35BD-2A55-5B27-A126-0CF1A7E7B145", "AB801839-51E0-5EFE-B00D-ABBB6391399A", "ACB6C453-F1D5-5A65-91C2-DF455B997075", "AE0FE928-3464-53AA-BBD2-B3F9E871CEDD", "AF45C6B5-246A-5363-8436-954018BD121C", "AF45D2D0-2D0E-5BD1-89DC-2E2C8E440A75", "AF93C0CA-BFDD-5C90-9D8D-55350790E1D1", "AF987350-FFD2-5814-AF7B-55862F1A8AFE", "B09C4EFC-2C66-5CA8-910F-E21D17B89608", "B22E3A22-BF14-5660-977A-2D28D2AA2500", "B32ED3B3-2054-5776-B952-907BE2CBEED6", "B4A4F7BE-BF43-5BB6-A4A7-A22C6B9DDCA5", "B596B144-65DB-5863-8244-67AEE883C50E", "B6987F3B-86A1-5FDC-AD92-EAF6D264C14A", "B8D5B910-B397-520E-9526-FE32D86E93D8", "B9A69678-D96F-528D-B436-366259B4A283", "BA8F1657-CF64-574C-81BA-6432D5A351D4", "BADF55AF-60C5-5E33-BC19-5DC25FB9E196", "BD1B0180-DA8D-5255-B3FE-EB6CBC730206", "BD33CC4D-EC56-5A22-A712-1B23F8FB141D", "BE4B2B71-B588-5666-9A02-7855DBD45762", "BE66A9B6-104B-5F49-918A-8B913CE46473", "BFB49B3A-706B-5625-9899-54FCB1EE767B", "BFBBD550-B2CF-524B-87F6-D0A8980CDFD3", "BFE641BE-701F-5AE0-A891-975C96EFFAF6", "C0AE83D0-09A6-58EA-A244-1E453E699C04", "C14C47DA-F04C-56CC-955A-FF12A410D2F5", "C1878361-BBB3-5A2F-8212-945883518690", "C20BAC49-21F2-5BE4-B97B-2561BD95A1A8", "C306DCEF-59B3-5147-8169-3674490BD35F", "C3153E8C-0590-5D96-8EDC-AEE7E129246E", "C3C6029E-8A78-5C0B-9CF6-51489E455464", "C3DA2A71-DD68-5EF3-AC4C-5A10DECD333B", "C3E394AB-E22C-5A6A-B5AF-2A497DDAC7BA", "C45EBEA7-DE2F-5373-9AA5-334E20EA2D23", "C5531AD4-9DFE-5A81-97D2-D34FD02E2AD6", "C60ADEBE-644F-595D-8AD1-0EB70611C346", "C60B1B73-A009-5CE1-9D6C-3B66270812FD", "C640B511-D1E9-5F57-964D-3826F1C68DF8", "C6493FD0-579F-593F-A1E9-A44793F70419", "C68080B0-3163-5E76-AD65-2B454DBB95EE", "C6C5DB3A-FC0D-58BE-B769-D097420B7716", "C72759ED-7C42-593C-A3C7-94E2CDB2B105", "C7617E51-4166-5517-879D-6385309E13D8", "C76F7089-967B-5A7F-B8DA-629452876A2A", "C772DCBB-20D0-51DD-A580-F96689E65773", "C7EE8D86-B287-50F5-B8C2-05E11E510900", "C96865D9-B80D-5799-9EB6-DDF13650F0AA", "C9E3963C-74AF-51D2-ACF7-7687E92D049F", "CA408205-D32D-5A33-B1AF-0B863641C7FC", "CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB", "CA8D6F85-3A73-5070-B9A0-3A47FAE2C784", "CB4B727A-DC5A-5BD9-84C9-782301F87004", "CB9B5FAA-47CA-5D85-91B9-0AC5179D527B", "CBCB527D-3C29-5E5B-8C71-D7F20AB001D0", "CBEB0168-C1C9-5A9B-8B92-83E1054E44EA", "CC4175EB-3B91-5ABB-A700-84FC1105AAD5", "CF96C0AC-16EB-57DE-B450-775CC256F1C2", "D02E385B-76D7-5BDB-A49C-CE858BEB0009", "D0B02251-DCA3-58B6-B887-D339C4EAABF9", "D107A97F-1C44-59AB-8FFE-803D1DC21EA3", "D1E393B9-589D-5A20-8799-0F762FD361DA", "D21F1D28-2C44-5969-8F84-E5C6FF67DCFC", "D2602292-4969-564A-915E-2EFC6661FA35", "D298A3C8-E215-5549-B1A0-D01215070203", "D5003B3C-B1D9-5840-816F-1AFEBCAC7FD3", "D536CD4F-33F2-570F-BA34-54E141F1132C", "D64C04EA-093F-5924-A39B-714908D4637E", "D6EE5F29-18C9-5E59-B9E2-01DC93F5ACE9", "D72095BC-06C5-50B2-8F66-EC86811783D3", "D77DEF60-6E7D-5708-B9F2-DB4EA3E38C23", "D77EE79D-71A5-51BA-9A16-DC757F86CC50", "D813949A-183D-55ED-AF64-B130B8F95A56", "D8246B9C-AC86-5FFA-AA8F-4419E4CD07F1", "D959F04C-CDEC-5F39-9F51-BE3EC7B28341", "D9F6E4B0-AC2C-5A70-B795-360757BE02D2", "DA01F84A-9B1D-5337-A465-2A9AB088C056", "DAB5D6B4-8A2D-58C0-835F-DA4F27B2142D", "DB81B174-C3E8-5B08-80E4-A6D768400C4A", "DBBD6963-3870-5117-A829-3DE976AE90E2", "DE88B6AE-5D54-5B49-A097-57038C720463", "DECBAC7B-9235-5E00-81C1-142CD41306FB", "DEE433F2-3A1C-513B-AE6B-E11EFFB5A8E4", "DFF2F784-9ED2-50EF-B79E-3EBF5A9B5428", "E0452D6A-51BC-51F5-9C1C-6CF01DA2805E", "E0A2EF02-5087-5522-ABA0-52F4142BB87B", "E1457E6C-87A3-5557-A3F2-175005D2A765", "E1ABFD41-98C8-576F-8509-5541B40FD442", "E278D22E-7EC5-5A63-ADFC-EDEFDC650AA1", "E4103A50-881C-52BB-86CC-27F549B798E9", "E4491698-477C-599A-A65D-EBA7441764E9", "E4E73A91-5275-59C0-AB2A-7F3EE83DDE28", "E5280802-AB3D-5E96-83E0-97F22FB9EACA", "E59C9A70-6F3E-5CF6-9F15-B0039E0FBAF1", "E655806B-A2A8-5BCB-A30A-0120CA3E97A6", "E6E03693-50B8-5AB4-B766-8464A228BA02", "E981B35D-7356-5A5A-963A-744545A4E51C", "E9B21C59-ED98-5B3B-A993-F1C214F8796C", "E9DFB8EA-B99D-5022-ACE6-5A42D0D6A350", "EA1AF0D9-1E6E-5080-BB7C-9D6035795FFB", "EA3173CE-C426-5047-864A-480B1A30F235", "EA3C5D7E-0CC8-5AEC-8D7F-3C245A834DDA", "EA906824-9149-507D-893C-87A7FED8998B", "EB648301-A198-5E4A-A72E-9639ED09F6C9", "EC0987E2-0001-5D63-A5AF-09675A5915BD", "EC35769F-2EAD-5464-8F97-D90F768E1E2D", "ED1C6DF0-94A0-58D6-B6F0-1034CE61DFCF", "EDDA4558-9527-5BDE-86E3-23DDD0BA5443", "EE01D764-5F14-5C0A-BD77-8E32854C5216", "EFD098FC-90C8-5665-98B7-79C96C6AEBAE", "F186E974-8939-5642-89F6-57E5649B31E9", "F1D342BE-E1E0-5B33-A19B-E2EB9E3E7C80", "F1E9BE6D-4024-56FB-80BB-B10ED5889144", "F208D311-79CA-5A2C-AE81-591BA4D30750", "F2F2719B-7041-5D1A-A95A-7617360B1D08", "F32DF396-0485-5F43-8A52-31B8DD252790", "F388C84A-40DA-58BC-BE0A-74C7E1712C54", "F3A40027-6DB5-509C-81CF-473DE3BEF46E", "F493C59E-F2A7-52D1-B4B5-69CD3748C5E9", "F4C136DE-892B-5921-8475-E30BD548DDBB", "F50E9F2C-8C80-5A76-A993-A3E42414D797", "F523E799-3659-532F-8EED-40AD7F79E752", "F594470D-2599-5B2E-B317-C9720581C07D", "F6A3D0A7-D380-5633-BFA5-3633EEBB6CDF", "F7994B92-2846-5644-8B68-EFB6DFB95ED2", "F99D82FC-3BE5-5B6D-8FDC-0E5BF9C0CE58", "FA2E2C3F-6F4C-5B17-ABFC-FC95FA17C474", "FB593988-2CFC-5828-8229-9274AC7B0F86", "FB65C479-F4E7-58BA-BC4A-AED04F10A11C", "FB83113C-AABD-5893-8DDE-332B57F4FDD4", "FD364396-D660-5D23-8323-23248A5108C5", "FD65F47A-0B60-5F08-BFC2-1ABD16F49781", "FE8572DF-42D4-521C-B3DC-4715C2F9240D", "FEFA5AE8-5C94-5174-B44C-AC52B9AEAEAD"]}, {"type": "gitlab", "idList": ["GITLAB-EF4FF952BF1FB5F91CAC48BBC409A535", "GITLAB-F5BF307B68975767D28FF3F1745F990C"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:8349A69B035DE11BF3027158A9CEA417"]}, {"type": "hackerone", "idList": ["H1:1101882", "H1:1113025", "H1:1176461", "H1:1223882", "H1:1423496", "H1:1425474", "H1:1427589", "H1:1429014", "H1:1429694", "H1:1438393", "H1:1624137"]}, {"type": "hivepro", "idList": ["HIVEPRO:0D02D133141B167E9F03F4AC4CA5579A", "HIVEPRO:205916945365E4C9EB9829951A82295A", "HIVEPRO:28A01D4CBC8A05BECFBA17B5AF4793F1", "HIVEPRO:310F7AA9457FF55D42E100B468844E6D", "HIVEPRO:5339CBE01BD312A79B81CAAEE0F3B32E", "HIVEPRO:57EAE0D1FD9EA88C12142AFF641985C3", "HIVEPRO:753BDE83C1D82672DBEDB937144E1598", "HIVEPRO:B25417250BE7F8A7BBB1186F85A865F9", "HIVEPRO:C037186E3B2166871D34825A7A6719EE"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20211215-01-LOG4J"]}, {"type": "huntr", "idList": ["AB60B7F3-6FB1-4AC2-A4FA-4D592E08008D", "D9C17308-2C99-4F9F-A706-F7F72C24C273"]}, {"type": "ibm", "idList": ["004795EC88EC224A6BFB93940B96344B4EB9FAFDD91D056225AB0FB24FFE6CFE", "004D4A46545DE65BF1BF4C6653130DD7726B41D25BF8C1E412D9873D6E6DB314", "00B8C97EE29C4817481434B7FD887049A0EA42C49E5514E1877ED97B5322DB16", "00CA973D0D5F4A08ADB77D27F66CF53D661D1B67B8DA263B3CE4522918A4CFFF", "0172701FE5FE7C060372C9A6E7199B0E91A4F7E5904E7762F54202A8D4CB9759", "01B07941F6D112B54E9932E67440AA4EF8585F802A5C6E5AC5F262D45929A230", "01C1A66F149F6CC650556CCBE7E381780D3142691366A6B6EFBC8CD5C674BD4D", "023AF7CE811F35CB9EA5BD22171F66AA17D83D1B9FF44FF925D320814BAE40E2", "023C54E1D297D5AA9E7F44F8089DE35CB079281FA1776467BF8B7A7AD4FE252E", "0319E4F01D8C2BB1E1D9CA642942762AB6D0486EE87445E505B6585BF79E6E34", "03991456EAB03B09B39DC9DB5C8BE4A51167523943AA9AE61168FCD6FBACC80B", "03FB798F067FAF41EB009C69979886C89AC88567ECBC9DAD159CDC2AB547C1F7", "045B3221FB3BBC39DD70A158CACD0ACC0885A17A6B16F3CCA24E243D79A3DFB4", "048C762AAACAFC74604EFAB15A41479F902FA040758DF428CB364B0242E01EE5", "04D3658F043D6F4A2AA1B2F519A7E89C112641C7C4E2E58E14BEC11BA66E803D", "053134070CB8D6609B7F157DC74146FFBCB3EBE941406A677E889C3CAF773364", "05A1D58708802BF8C1674EE32BEC4344254929330218CAD68AA838AA7F549BF7", "05BBDE1FB03AC43275CE3464D408E5E21E63D250E7B0CF0E90D314FBD5991752", "05C0F0FFAAC20F511D50030C8EC7ECBE67EB162A7352C90C63F986E1F73F829F", "05C433115EE2DEF62DD69CA7C7E97FF424FB6D815F82B8FFDD0435DD323AC60F", "05C711ADE626E71EEF208B57EB92611FB65BACFAC2E002E5DCF15BB16E425278", "05DC2B42328B1D8271D4FF358EC4A58529E6A6A6B8D7E154A691EFE1CCE81D1A", "05FFA3C248EDB6D7EE11C5609FAB04F6122B05C3258CA58F9DD92166278EE9D8", "06B617CF301DC9505BA9DD5DB1C356FC3A1CCF92C2BD6C1F311F6B9EB8C0F85A", "06D6FF9BF7B39015A7C2A9086CA1736D9B28FD1BFED11D60E1FB275F243C4224", "07F48EB2EFD881D21294E1AFEEE704414B9605E4B9B1F4BF6C82B1917372C2B8", "084618FE115DBC963CDA469EFDF156D77B5FAF5BE04B99575716D75AE5C42F9B", "08493CBA8B1A8F34C7786760C52C7997B8AE1C300A4CD3A03EEF9B528175E0E6", "086B39C8EEA9E80F827A72EB837BB35072FC75FA2EFB8DDEC667E6F0D07BFC82", "08803B708D4CA95FF8DD68A4DE7FBE7DEAA67387194E25D8CD693B135E7332D9", "088792238BCB34F9D5245E5C573991A7BE90A307DD73648043580882E02AB80B", "08B8F7A5BD2A4C807B593B79793086AE818A4C18A2CA1A3A38E171A0EA5BD485", "08C5ED1F3E47E1FABE2752DAE40446E385D6C5EB30C70D7C739509CE04B06788", "08FF14BF18D2D8DEA2BCD9900A4BED9C481C9700F7CF99B6CD1B3F7EDA9C3865", "092A442A77CDFE46ED83F2F7A7AEC07007442443AE7B6D28BB557D1A8FE3BBB2", "09E2EB771A00246F88812FA7239EC135B4D760017A61975C9C7DFACAB2B566B3", "0A2CC076E697047BEB801920E37078BA16894DE0A4DAB7A64E209E04A52ED4A7", "0A50FDB1D7E17C09815A2D06C237539FFD67E23789BDD9A730E5EB3DD9473349", "0A6CCE42A31E930F28AFDE0602BBBC571E0114C6DE44000B246AC3D8A844DE39", "0AE80E7D1B92F5584C0652988A6BC58F1CE1E37349CB543C23A7BCE8C2445CCD", "0B0C1C8C8CE115B4178E3F36D545ECA410D6199928FD71C89DC4DE93BB9DDD9F", "0B62A979A39E5FDD103EF50E44280DC84E1DA4B8937991D39D2F70B94DE5CDC6", "0B7D327E5943F8BAC5B2E5CC855F0062D08A51BF03FA3BB29C4B6E081796EE73", "0C1804CEEC31BC3891CD11D25C3FF5366F208C6C862263628223F5F36164CF5F", "0C5DF0032AED817AD90450244E2BACA3580BEA79A5DBA7B84BC329B4F1B22585", "0CF13F8FB4FD77C6593C265FA8F397D0C4324FC1F07F86C436B4937E98B25DBF", "0D1E5BC462EDE366FDBF6EBBD61DABE937E26D4A64AE5DCE2B72624D90E14FDE", "0D6234D366BD8E5B02C4B7507046A503B63D0B4B38E06DEEBC5B6B98A5E2C80E", "0E0248E4E7C78DC0F137D1A675D47FF40D0F4EEB2A876D0083EA60DD92CFF303", "0FEC88A4274D91DBFBCE46AE5EAF1CC67B908E3D943BD3504E2985D9090BF93C", "0FEF4738C59C97322DBD25A9806D1EE3E131F117AF9CA9C33F3A6098A981AE66", "10DF4536D86919652FFFFF08E8AC284AF696E6684CAF921DD9F5AB335A3882A9", "10DF54AA6E02F56E5A696B90CA92AA8E0E7F033CECD731E6AF976A827BD42316", "11FEAADF6A94DFB6615A82EE0023D346C418ECD114C445A6BA52D50AA2C6FE0B", "121DC798369C78477632D85108287366F8EBD95F4446B39AFA86B5A9913FF44E", "127C76472291CDD3CB521ED83F3C5EE611A0DBD9FFDB39D76C830FEB168F09A4", "129CE78870CF5A56320BA28A8E839DC00636BEBEF434ACBBC173D76B086059A6", "12B5FC796651D7A35DCF3B8B99675B867D7E526A689762A16A5B6315936577BB", "12CE8FF345E0DE87F32929BC10524C6FAAF1E389A3A8BD632A0FCE3BDA94A71C", "1310B3EFA1CB8221444DBC5BA49E64CF94DE9CAEC7263EBE35877FDC59E5AC3F", "1344237EA4CB2FC0E4E886077C19B07F9DB7272438002709C5CF339D588A226A", "13DC6C947B6413CFE7F34A801E2D453C1CE59E88BD9CD0784822D61AA18153A5", "13F541CB7E471297DBC119C027DC6613DDB93B7E6EC8CAAB1918D4F75B9B0A25", "1449AEBCE14C7A0A52FEC9AC77DB499F51B4D1779EECBB859DE1E3343B21DE81", "147A8F494121D31116661E9EDEBD30F60B7D11D71939DEBC18A14DC44EE48B82", "14C753A9841FC063FE9AB269465731F7364886E6ECA1E243C8EF2133E76FCCD2", "1564B346628009160A0396828F83A178C5F24808FA0E2904A4DA0F9DD72C42DE", "15A287A106B845D07333D01887C3D8023917F0A2AED2934387D8904CA8A42DA3", "161E93A17C210873A930616B7AA642E8DECB548C126F51ACBF476947F04F5F46", "1629CA1DFD389EEFF25556E8C9B707086E571E474449820E949D944C6EB994C3", "16BD53FF8D4AF4008A6B9480C8D62C5AECEF46E4F486EC150D2D9BBC2C7349FC", "1718BBC548F6B9290910114BC5C00A77714052D125CB0F46088F37430F68E717", "1827A1B8985F4A2B91EE262D4C17EF01B71CFEA86DB0A386BD1C1B098E2F4B69", "18433120583E82C639DDC6BF1D76EF365C9C500B0A9CC0AE663BA4BE32DC9232", "18578ECA481CB003C14A84CA7A47ACA060F579C24F4075A776AF26B575502960", "185EAAB4DDC8472DF44603A1F8F5361C61E9CD92D640BE3D1EC6D31AE959C4F0", "18A47CF24DAFF468D1B3E48E56A7C723BAAB5077F0C1ED2DC22653DD05320A38", "18A5E6C2581806177DE446AE26FCBC2EBB616C29B40041253F318FF51CE1AFB5", "18DD82726ED611CE07A6FE2592344159C821D9BD564B6D65D1831A37C7550D6F", "19613990614CDAB7F34154F3A620BBF18E7F15F79F3D35FBEB7EC2FC9249AD2C", "198E2723EA7A1CE1B7B95165E39923D5EC8AC5F2D17849CEEDD3695D8CF40623", "19BDC8BC083D06551FAAFFE502D5430968A9B28E5C71827BCFA873F30BA60815", "19DD6BC826C8BB8D144E5985E9EA9E8E00533CC7AEA127F00BAC78AFBE98ED00", "1A35248CBBA17AE981ED0B52B133E7CA1678042C1A9C93C2EC8BED2EF8994420", "1A4A0FAB6D751A7711F422DB650551ABAC416BB4CB9C7C4D6BED8778218B5D1B", "1AEC66B946906A8F4682C35B7C619499014756DEA99B2673B7DD17DB8DFF256D", "1B0ED4A3526A4957AFA5966EC1D954AC93826AA8F95F1EF2E8A3A6657E73F691", "1B24B80EE0365FFF7DD17D658867C0FAF5A2D298D0CEFC01C750A9D3A2948965", "1C6CC8129E7AEC5C314CCFD7570FC09548438820946E9774FD2E2410C0897958", "1CC73BCA2715A24B5B151F09467A8D56D9B69AF516506F82AAA8779D2A0D9D37", "1CF787D3495FD84D3FB0E74685765A4270075CE576D888A960036582B4F83133", "1CFF840C0308591ED858D48151909C9A66A9C154B22BCC3BCF7A195C153D3C69", "1D2ACD2E26FAAB07F4713510046DB56AE9A2584306D1B3C884E18DC47771F892", "1D375703477B8434B33880D4C2BC54C4F52207A530C550AD113F53DC33F805E9", "1F4AD6C45C3008DFF01BE9EE1718E1541E761D5A4D77198ECEBE3A97CBCEF6FA", "1F6B1F3D85A0CCA59E5FCB54F755C559078C8064F36F920EB06BEDB03C8098C1", "1F6D85E6E7B1A994AD8F1E3D1E2C7EB0306D405EDF2AE06A58DF0249ADC65DC3", "1F7D1DABE3F10F804A14788D638556B04F5D5038E1088B9F38B3961987623815", "20253899F502FDF9B48857A95C7DD8AE785940A7D1A6A2E66760804009268FA3", "2042D81324560EA3A6747DAF5E2633EFD4EC3C4BB62989E7EF2C6A1F73035677", "20763F2B27C66C722124CBB23FF4ECBE76431735E0AC6E1F94E8999CB3A2CB25", "207BA1F7EAE0F24909102A8E9F71F4E090F16E370A882E1CE68B1B6EFB5952F4", "209DDCAB6F475A868DA84DD19D31132027FF62B259B6541CA0C9859AD7CF6ED3", "20A5B4AF60B52576A2246BE431A6427FACC29A7CADB4DC7C1C2466965B022037", "211CD9F1ACF38809CC4473AEB8D5CFC5AEDD6F6E475C5EC5DC18B3B624F8BF48", "231A52BDE442B2AB4C8738E8A5DA147B21BA8A7C7B8F0AE7764349AD467647ED", "23532FC7488A1E0A5525D86FA8B58841ED6086B69C02A7FBB104B3F98E2ED3CE", "23AE54815D4CF73296F6842E5DC0E74807A9DBD435A1F78F1FCEB4A6582B9613", "24B1AE073C3E8B032429754E1E35B7D96539587DDA275F7A13183F44D07B88D2", "24BD16DFE4A0066D365799584A12F1287B386A11F77FD843EE761A16843EAB83", "254982B133AF87964C8EDFD23D188B5AC76FD0D3823194E367660BA1FDE55EFC", "25514A79ECD6817174D110214E069F3D23C2603471F12B322B692159C4B74847", "25649DBC7E3256428D82B855B8B2D096C91EC2361653C508EA395A775FB57C82", "256D7977365CD514F903FC0D0240FD89D47444B078D35EB3DA4DD54AAC8C8661", "261D21204C9E2060DE70CAB5932236C5EFB2EE37E8BD5A2C64CC6F1DFE9C5D11", "26D8B9BA25346A1142EC41EC455309415D14076E05E1C0FE94BCF3C77CFC130B", "2709A19D29B9047D230E570EBF5F26A53D322D557D88CBCFB480F1AFEEF6797C", "274B8DA8E886AD10D2ABC0F17C9502879E32577228D9DECB974BCE12DF093D67", "281139F30DBD8FF3981EC6F46CCC25F3D1AB2B503A0460D13A7677E2BA52ED5F", "28932A2B46E12EA86EB64762E53A114C7EAE97254E4818FFBB7E3706DCBD4C0F", "2948AD36AA26AAE4907665ACA6B2F38E724C0B08EE4F4A82BCBB655C2F98BAB1", "295AADC2BDA75DE708729FC2E48FF012F497BCA3F20C0D83AFE9E96E09FA035F", "29D0DF01470BDC8419B05A248E7472C3D66A25942620A36BE340FC58780F85D4", "29F555FE0C007641F374A2C889492591D81568655082EAB6C7D0BA3A429C7001", "2A1E47DBD233FE789FE30CE03EB01C4E46A020DBEF4F312E3EE04541FD0B1866", "2AF38903DB3E308E6136B5CD830F4FF293CECE336C4C36CC009014DB841F32F4", "2C91E3B2FEF04BCEF23F12290F03A43D58EEE4E79946072B4CD9E132F31D3891", "2E43FFB94818B9FA5C94DA88B4D321908359974CB3975DC266C2CC995ACB39F3", "2E58B569B4DB4763709C8CD7E2753A53378BB27D938664EE87B306305B546DAA", "2E99FBB731310229E5D67CCF834D84A3C63F588068BE4D2601929B95EFC9AA89", "2F83AABA00B663AFEF63A77633BECC48724170228D80CF284B2FA6A8E71FE2F8", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "3013E3EDD3900D973C5458C7115888BA961C479A9EB9DA6399CA9B389B37A68A", "30495EE9B3C48AB51AC589D2A5956D977474A3BCCB9A67B54801DEE7685C5573", "30A0E9F889B3548B9BD0339A7DD9F4F3D51821FE906234D247C17BB05B831873", "30A5CA62F6580AAFA852738DF5325C812D685A3292E94F7A9E759C1125E79A0A", "30B9050919D7C39431AC5338C16936C21A40D07623E5A2722246A5F91B5C6781", "30E9FB4250193CA2C5AB02F5095C96F34F2044E06280324E18E38EEFD7C1490E", "31818542FEE3EBA05F196E3245AADB3A27506A9391A7E39DC666A3A5AAEE4963", "31988A64B432846FAECF3D2D44F21A7A70DDA856ADC1A02810560151B1C9396E", "3220BFD68D0CE5B97E4EC49AFAD94FC9317DA5DFDBD73C624B022C3E93AC4268", "32A552C9D601D5556D9E77A4710C33359E9E59554828DF5DF32E88FA7D8B12FD", "32B20434710D4CE2D9F48A3DF5BB5D8CEAA637E619A2F59A623867C3064BC74E", "342C70DE6943237DCB4E2BCA66A117A8AC4A929DA3631A2BB88E27D99C1A1F68", "34A1BC83BF19906C7B478BA74801364559DCACB160B8635E7EB96D184FEF89D3", "34BBFD07F97BF2576AFF7A58CE5BF96E2ED12ECB554A40CA1C2AF78A5DEA65C8", "3617E5DB629BF3E4966913C6CBFB7FB0D83FD9726DE73DD22305E09D36598E97", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "3751D59918B26EEDBAC0FEE1886D1A118A9D2105E993222B09C299A55F5D8424", "37E4288762F4137CCB40EAF6740BA95099EFFDB0B7C1A2F36DD293FE994929E5", "37EB0FBFC18EAA8CBA405BA4A0486007287891F661D591E70F8DFD893065763F", "382442D01890BE0F397DB0132A6B09339C6A137724C837A5E2907ACB61EA374D", "3828A20846DAD245008B2B65E98D8C5488EDD3BEE6195D59400F18E61B82C570", "38CE21C8E36E0D8E13CFDB6726BF7297A06F5BEE727FDC02819987C18B1360E6", "38F82D2C018275ABAAA2AFC2F7D48B9C43CF8F7C91A6847F9562FF98BEDFCAE1", "3976D01F8C3788737A665B8B2C67DBBC91A5E249602308AB620D7FB7082293F3", "39C439A440712A8825FAF249AE9256D154F422331B554EA4FEF0A1953F90EEE0", "3A60FFE4C6E74A1C21779F3EBDA68EDA39A6BE6BFE8D6C3E6E1205188F1FB85A", "3CF3C789E67BC4BED4E00BAB92CFDEBBACDE7238E903B67252519FD7D01B4413", "3DD98F75D577A590F9C6B1044AA5212C3724660A7C7FB06B6DA4B25B95BAE35A", "3E676CEE741F035B426AAE7DF3EC83BF7941667EB382805D029B2A95E65A0352", "3E89F6F868ACED4017A55BB54A40658D10E6704003F50ACBCE289C1637B41045", "3F108F67BF1C0CDF3357048A55D6F542375A28F355F9359FDBF6A3EA00B3BE23", "3F22D484EEB21B0ECFBCEC72BC808CC13691870E90AFA5724963DAB7B31EAE45", "40793F706E8E7D40E73D53F66523BA8AE8718C40C00FCEF117CE8DEAC4566FD6", "4204EAC341D63510AAFE13D5F22BA14E92396D43569176E371BFB452611D1A97", "4242C683C007EE5B94B25809E80B1C728A4F2E637857CE565129C26B4FD05423", "4271B86469CFCE465E783BEC3C9F3EDD13D645F55A5BEB697F3A4FCF694E568B", "42CCD08061313E58CD6A73C8392806C80452EF564A9B5297EAD78887E47150D7", "42E2A358194D10969A587E1619263DAF26CB9ED7B107D2DF24882326792073A6", "42EDAFE6D8936EF20A9D2196EA720167F87C6E003FF3677093C777BD76F87321", "4444CE19278AF3B6D6D733CB7C56652494A379ADDF5788A2D704DCF2AF8B12B6", "4490A508C76B3478285658D50CD1591EE7BF09C6C6CB543CD3B4AD02093F6106", "45F290647D7A4EBF1F245A22873DA3258113639A5595D4F08D5206EB9D79EBCF", "461D38744E2383701381659B3FB9C7655B5271B60CDB145B8DACE60D09C17665", "472B90C1832448CA528B9FB0B6A4E81CAB1388397DE753F5CD640C5D7396EC9B", "4777AA656AFE2A7E99CB0D93F8BE73D4229AC1A8C767E59363E711B828FD7059", "49B51E8647F7A4F0DC547625ABFE8CEDFE5DD4CC415227136048AF28A525CEE4", "4AB0975E08BC56107FE408EAB5B5BE88E706B439236C7F566A37398C9C1E0CCB", "4AE1D41640E1E1F9FB5DBE7DBF0EE0C2ACA27C0ECF4C914440CCDB95D27308F5", "4AF3F2925FA2FAC4247303F748E1EABFA2DFEF4045F7C3DA1E06B8C833F40639", "4BF7A5E750431865636D92E71393396C252B3F778FB89C0C3E599627DCB87306", "4C10A98BEE68D0B96F2823756EDF99AFABFD6558C7AACA794EB853BCFD69F5B6", "4C62280F93124FD0C7C5C20CA30CD4D137F1D0A9E1E35780DCDE98EDBCFD8B1B", "4C80B96CCF860D1EC965D20D607161A663C8FEDCCC81B5243439A21264518261", "4CE1B2F6454C1BD94457E47D668B97B231076132166B23B18741F946099CC719", "4D0EBCF3DF78259432BD61BF337DCCFDB5C99816A483EBDEDA43077F798CF875", "4D6D019876F2EE83F308FCD9E27F7FE176603A605EC9CDF1DBCD5C5C9951EDE5", "4DCA21B56FE99A5E5A697112CA49F4F2144DF92AA26A0776EAADF3EDAC9C9053", "4E39FDB5C241C26D4DD2BD5D0D87CEBA03C22671C2E86D53C726034AAB37EFD2", "4E45A4CCE496D5E81C322B32A8275068E422B799EBDE7BAED299E58F52295C89", "4E7048D2949BF25810D29EF0126BEB63CEE9FB2EFA940D8D15F1A2EA9579215D", "4E77D6807CCB5F39F0079A9612FD44F47C18AEBAF1D9AA7EBBCB816C3FD025B9", "4EA0B21CBC1507E92BCBE50A7BEAF54CC9CB28005D7893FBDEBD48FF2E06CF9A", "4EADDF94DBE666E2A4821F37D1326BE41E94E92E6E6B1A8834D7F3C47C803887", "4EB30F982289A93326697168C61CCD073ED91E21FFACB7414B6EA10DBFA0E2B0", "4F2F1CEC21593E14CFA5185766BAB1A3ACE3CE7606D9506EA35A0E0677085BC7", "4F8D39F3F464E5E9FD3000C317BC69CF4FEEE9F0605C69E62D810607C6BB87CD", "4FB8B888437D1D3BA8267655720E593D70AA3798247EDD900F18FB420753B17B", "4FBB5FAC2DC58E004CD52875DF4CDC0625DBFB20A2AD61A597C719C2C2B0ECAE", "505AA9046670EC3A58A3F57E2932EB46B317BDB83A271F3A6627D59B7D958183", "519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C", "51B18D37F54E0E13CB87112E0323518D15B4E3A206BB32632FE2181BBF89BDC8", "52830679EDB4150222A7F147B003662FCA1434A6B008FD1B806F9E0D1196E5D1", "53949D71EE0D6BBA6C433F4DE402EC6D1ED7AA7877C8B84C15AD5E27FFEBE24E", "53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B", "548C926066F6AD2176268ED770911E39A8F8EF2D79582E0A4D8DDE7F34549084", "54C108178FEFCC2E097FAAE5C25ED91CFC0811D8F54A2518390833D0DCC7402A", "554AE47CAFD99556995805FA7FBFE0CED277C443141BE5FE13550035743CABCC", "558ED6F880AE90E6CA233933ED947E6F8B2EFF2613CBD4FECB6553DBCB9609BA", "55BBC53EEE4090294470AC417A4B8BDE9A26DF232DDD5FC327A46034AF09FE38", "5662007982BBB6B88D91C6C7393CC2022D9415D2290FD0DA76D55E99204FFF35", "56D5C4D9B33C1F45EC0E3A48B1E1AB84BC4291F8AFD78D9A30A0AC38C27FE216", "5815FB6A93B31EE44428DCA7206EFD79ECDE693494B2D5F28EA2CF1909915C77", "5834E81AF46691B1D89090AAA05DF8D5F3F6ABF00015A6CCFC60814EADDADCF6", "58868A8A56E187AE7CFDC0168A9534F5C483AC0F042B7ADF09CCBE3D8A901101", "59E669B8BB67D676E7382F77EAD621E08DFCFBF626C52F337A77A33EF6F33748", "5A77C3590D23BFD85FBC46CAC465870596841D78EFCD8AD2320EF501E87B107A", "5BE414B193D5007099D3374FA8DA8D1C67CE7C4D4ACDE8278A64CA69A7AA6961", "5C1515C744F7537118B0717D85B52611810BBDF6206930989FA3E05682B9BEC8", "5C2309A832A981E871A38D52C9E19A6D60138A5FF04933E55F3319A964A350A7", "5C34B98542AF51151FD8AFBC3CFF0F90B850FA89055DB3424D39BEEF8638F4CC", "5C4285711D841C9680531DE8ADF4E9F871797CE3D4CE7073D4D1B7D69166DABE", "5C78D16785206BA3DE0656E1DA67E30BC720F22BB98882FCD6029110F7F105E2", "5CAD5D32258B6EBB72263ED99B6DE586C3A3347FA7743140740A1F7CC94CC9A8", "5CCDFC397B134AA5DCE5EBE10022C85B3EE99DAF9D679B25DCCA69CA3D851EBF", "5D4E57B88DA114CC1637B260294F38F53CF8C7CCF19B1E4FEF1E5735A6EC78DC", "5D661EA5B801079F3B7AF6D31A8566154E3150C1E3398EC1CFA32E9398BF38D3", "5DC028B7AB8CCCA9FD3F109B69D7F7AEBDC718A32C0EC71E5693C99FFB06466E", "5E0D2EC541C3D2FE5413DA829783950147FE05FA866060FB6B6B557BC4E00A16", "5E46685CCFDAFEF52C3BC0BE649F5DFE9485392CF7A7733CC64B02CFBA707DF4", "5EB805FBA32A419246DDD86FFCA6C34246C092FCBCD8608B3ABC4B0A77FFDAA2", "5ED570DDC2DC18EDBE3A6F896450F75892C392B6E12D967BD6C8F6E5EB0809E5", "5EE7E4E97581573D0B40454E7851D662668050B8C7587DA918FD85D38B92C2A2", "5F247DF8011234E4C8E9F5DA1233AD5131F7718B99D13FA0E448AB8545E5E6F8", "5F24F58173ED799EACD7F7DC971D2ECB62B80971453D92D5DB9CA708526DE3A8", "5F4A0C2884928132058FB1F6A2A491E93E6AD59F7652C09398215C3B1702DA1D", "5F61B9F9A964CB3CBB554CD28E3CE9FF36CED8CD1357DB2E45299E1C329C251A", "5FAA10ECBDD6BDD67568DC782206BEA34BD7120E44FD8D30001A968A438E5C77", "5FEA359E09DAC595A907136425DD518D4ED0AB1F127CAEAE7EFB621BCCE8E305", "60679F1EB565A827FBFDD72C9C325755586FDA1F0AC78877A6590DED78230E66", "62629DE5F67DA293CB06BE8405F6FC4CB1CCE306459AA1284B7EECF4846ABD20", "628B14B8AA20DB98F73DABE8C7FF0C2746646BE602A0BA4F638FBEE3E634C393", "62D22CE7464E30931544D86043D72A241CA4A2ED1A6F28AB59EEDEFFCBBFFAAB", "6305882E456CC7111E361249970AB42E196A23084AAFDDE2E82B0694295074BC", "643BAFA6F73911E05A64A08F733FCCBEB533FE9394332940B7739828783149AB", "65749896CB4EF42AAFB66D446514CD562F870C6E494FDE9B87877891AECDDD1D", "65B30A5B63DE43E789127C5F5AD2977C7194142636581876B7BA2AE224B6420B", "6741052F2A7BCCF76F84825C9FE706D98BCF279A0C055A783796DC802C323E13", "674DDEB58033DAB9D03ED4483C0C1118FD09DBE69E73AD0AAC428EBFC61E2474", "6758FD589A76487DB6421ACF317F7E42F52C2C62336F671B43C2B523483BF57E", "67B2FFD11F790787A36E0394080502A01EE907D975E33ADFF6E931A0E15B05F7", "67D7A2AD6D196C643D91F066E834B1EB9853338990881AE1012D2B5186629622", "67EEDC4E808A4DC3E092C0FD2F6DFB5714B1E7F2E2ECD7CE2F8B2F65F2D2B26F", "683AA37B653363FD02791BC7A1F7CD150251CE22393F2B9CFA26550B7F995A3A", "687EF3D9E4C66E2EC0DD556D7C5488A09AD8CF69EA1010A9456E63DF45C0B64F", "68F0C3AC29EEC11A1B3683CC670DBB84880DD11F8968A7B69BF67C664E520FCE", "68F256DC5E144D5A2404101E56A66160645897F9BB7E8600047077C626B2FE43", "6920277579A35875812264472A148A4383E98310C21147950644BE922AD17700", "6A43E45FE98A49A0127D4FD81A7F70BC513609043DDA830926C4CD80286B1A17", "6ADEAF325A5B46B34D6E419B67D91A45C9FD7E4F02587AF0F33D5FF933653E27", "6B9D154BCE10DADDC28B259A53CDE7ADF906DBCB05E8EF0696407EACF7A37CB7", "6C8567DF72CA8A25F4328377A9D305D3ACCAE181160B03E595CB767274D3C083", "6CB020CE84694787BB12E05DCB6CC95C33681B735ED0D48ED68FF5A99DD1D7A4", "6CB4EF3A076E2190B30084083521AA008A1E2F799850D429F0737446D33988B3", "6CC386F9299ECFE5F62C9D0954CED9917B32A3DFEB8BC98C8212D83DD7B53DF6", "6DD517DD7F557A31BB9EF8B8E2970701E7EBF9E1168A77A02C5EFC57A29C1AE3", "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "6DFE02E47206439339CF69003DED7C6A339BE8A9FDA6611EA300ACF64BDB9DD1", "6EEFD78C32039D143093C070708359E95C31F3BF23015C363D56EE26592CC014", "6FBF074F8D8E8E6000FCF6488B84CA43AEFB7DEF10B2CEFF0E7D0AE1140ADA41", "6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1", "70B67C27D11C914662D2A0819F63604D4F6B869B0849263773FD48E942D1344E", "7156D43131599F71B03A8F8BDCE4755976A54F82BE32B0AEF105D1E6E781F384", "7295DCCE494A2CA195C0EC2BD4F052B62F3E1B45826D03ABBF986B81F58BDD31", "72AD5D71FF571D991FCA51BDAC7D0D303109A868FA89340C6F8CD492F9F038E3", "72E392728BCA627E900CA46B892A2B86465C877D468139416A39573D2D6C73F6", "73781BC7A0CCEF128DBC5E169F177E52BD5AD843F08787EBE0E19CC9088C2FA9", "7379F90289C2C7A342F16A37575837A2FA27EB95290E6923107C2F8F596E9C51", "73EAFB98AF656367DD4CBD6C4D9BDB98FBF39B358F625D93589F37D52771AA8D", "745004E6A8DD36244AE3AE2E238FB3CA9F40B885C5F912CA9FBBD7A9FEE76248", "7463232BD9391B70113F6779133DEEDF82C2F9FB5E2F9C9C4D0363B332E72184", "7473C0056DBBEF7C541ECDFB31E947DC1520282F5E0172B7C965A9DECA661856", "747C7023F8D283A88FE9778F37629C7BF2E2A7E5268A695905F9F28590BF76D3", "74F2A94336E51B0E3062906A1A2B7FB8CDE35DFD901789C840E3CE1DA62E9EF6", "7566B2B0BD8AE66EDD74AA6296BA3C094CC3661C2B4C3EADB69127C0EBE5A710", "76FC3815A1052A74CFCD99C9C0F5C1F4FA7C289E70171A7BA16DE2B8E6DA736B", "7712F0249FC574F5E6BB742100BF0E53D089C499325D28D0E2739DFD47B4CADA", "773DF59135D4359E400DA2F53BD1A07B522C82B129F5EB663E98FC1F914F61B6", "77C0F01606E7883D65A2981E1E5DAEA1712E790E6D5528DDD17691C666E43D15", "78230A0FDE17E1A4791590999547D790CF1340A3123CA146452B6C92AF70CA24", "78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533", "790C6DE37FC85CD0EB50AB9506237BA69A094168AF99EC98BABC7F19E45BB02C", "7A150D300EAF951027B5658B77CFFFE80D0F69EFCB3AA3F0D27F874804ADB297", "7A1D4AFC62D444E93951F6A46CA35876DD42680BFCB9DD562AE0F80A2C338D67", "7A36E54AFF586A013BFC64E0308098C6070D7FE82FD631B59758E4F661D42586", "7AA351B847C7732E8B7AE01A83A77CC863325C3B53A57FDDE54F4DF8D16D14C1", "7B60DE546B91D3886C995A5DE16291DEDDA95C96FC984BD69B852CF111B4C102", "7CE0B3947D8196985B00E6EB61ED45938560312360058DDC3063CF3D7BE03A81", "7D158CE8DF0EAA9F8D32E562C6E3311BC04075EC6BE07466A648F40065F0CEAD", "7D3ECDDF0FEF31AB10959BE94A3F76C4BE4F6CA1CC52373D0E460C5CA46E24A8", "7DDD006076946810EADC174FC2320565F527D46FFF5270A3D6916BF8993B12F9", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E2A7C8E981FCA78A12F6D8992BE35354D42B960D223A90BF210EE5B300BFB9E", "7E466DB7C3E6D0FD95B6290D6AABCA2CA5965052B0CC5CB552473151BFA7576F", "7E48E83AB3B599D048D884D2F2A9C830676F7F8EE7EFC2B799BFE4618D5E9A2F", "7E4FF868DFA0F4BDAEDFDEB60188A16AB82AC45AB8EB35F1D260229F12C10341", "7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B", "7EDC7E4A607AC78AB259E545462224179BA0B894DBBE1C19D52406785B960D30", "800A58A21DE4F630ECEAAA1932A596AE5A4743CB06907F342619D1D7ACD5AB64", "801604295C016952DB2E8049DC0524C86569A636C5BC867E0FB7565B433600F8", "8038ED8E32AD1F774FFC8B2962215FB84FA742D436B85DE275C6BE03AEE3C00F", "818495FB1C54B71E6C7753464B1C7C2926402C76844055039753A11157B24B81", "8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E", "822A5D5DDFBAB14222D402C61CEAC1259D980506DB6102BD80EB619551AE1961", "82D897D235CFB70936ACD9CA3E6034885E56EBCC4A41A67CD33F1077B9C80885", "837053881E5EA3C6EA980180D7C7511FA7016F0506D6270160A596789757E6E7", "838686EA8660AF45865AC08A8AAF01B25ECE89F900D760F085C235BD477978AE", "841ABF9ADD122315E9FF98182FCCE868E8819519D3577D87A3CBDF6FFE75C0B5", "86B15422FEE58FE9F2F1B22520453D09FFA84C6049446DCE8467C766E3B57967", "870093D07F2D1BC6903F68758BFC9ABE9984CCE5FE2C013D13AC7FB645217C4D", "88119FF28113E384895FADEA63C7ABC2906571B02A874CF9D50260071AD58FB7", "887B058F572F29D81FDE73F26FFA89AE94C5B73C248CDC8EB74C172F09B39B6D", "889513D802A76507558C54C040010996613C8881A261DD9C7C561CA24A30140B", "893374FE903D82E10726F93A8E126C72248B18315149992024525319951E3097", "8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8", "8A368F9B7240AEC7A45518B26EE613BFEF287DD9E106138A5AD63F4D494034D6", "8A9DA62ACD0528EEF6577A7929613A497D58F78FF0E64379975CCC381DD42953", "8A9E980FE740F4424FB663C857EE84E39154A02964A02540A3A74E4A80F058EE", "8B1D9C3BB3CE6364BD0FE7732D06F394D6218ADAB37D1876856BEEE8923DFA4A", "8B49BD8B4756373645F1A1DA4BC3E31D1FE7BF1F5A0706A9665EE61D5A4B1419", "8C37F3FB47AD4FAFBE2841B844FF2A42CCF655F5F8C6BD3486E85DE4095BAF3C", "8C8A687167096A3D2AA73F94AC7D6F1C43EF830C110ED1F9406D92FAD9FCBA59", "8CD12EF78572A4084B09F1DEB451D5D52F854099E5B1A1A30714B96E6F38483F", "8D3B55BC79F0B30687542D934A8572E811EA359E895A6EA6E760B9427B444F8B", "8D4EDC587A369AADC2A4B4B6CA60C94602327216807E8B71042463A2BF381325", "8D64F104C14AF2A33552E861AE403F451EDADB214820F820DA429C523DB6D464", "8E3EC3A49910FD61ADB4E5FDC225B58A74D0BA57105F3D9A6F1B3E46361C1307", "8E5EB05CFB883D682B3A2C7D645375420476C4616183B915FE43ADDF8FA697A1", "8F6A844E65558AF61A350206417B63BD70D5B529641691C495C07407B13441B7", "8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4", "9010170C5F6615B41D0D1BF7C1A4DCA2E6A385A931EF64941B7395737D4C1BB1", "90B290F66451E3E462C09788B6756181F62A92A8BAA10F2C4BD52977FD8E1B37", "90BE58D9524F7F6A98C3EE79C93A2EE6A0EA2C0D7E33DC628128C7D1BCFA8619", "924D425FFD71097B50917C124D87FAE558BFB3C7DAEF1BEA09CE12CCD6B264B3", "932EB6FF0C79CFA010373B06A99AA8906C2B3B3171A0D96A0399EF72EC35ED11", "94283DE0584ABF5D790E0534ED68F70746D7978ACD04057D9A9DAD20D45397A9", "942A563AC62B9ED7ADC9AAA1A75FE9F97DA036B632DE9ECD7DC3CC1E19EC9A60", "94633A31471B22DF4D1E9508BA6DE360B6D37FAD329018F21926F838DAF45AB4", "94B983AD780E14AA5F44732446E343898FA3AC275A33BBD3BB9665EF2A6B3EC0", "954C0DFA3C09FDB996662E30772A8D20D84CFA3664BC8DD04E340E72072BB104", "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "964A048B00AF3D409A4AA83094E36431FA7631859A2D4595D2F53EE838A705E3", "965AA3643F2C2723C5C9B471B69786B972B6D81B6C917B50EE5BFD6C8447279C", "968F76B061F639B6B747F38EA0B563E31C681273189E02F178403D72D7E18BAF", "976356D0F193356D662AC659E8578D3D0CC6C5711EA8A61D28A63CCA919F9900", "97CF7C515357F1AFFF5BDC937895F029179A2F0A599F6865A2F4BA81F8C07371", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "980930D95C9061C71E85C435692629E07D952BA870609E55949143F9AA635712", "990B694F8FEB56054D99331B4B4370CE96BC2A4FD7C4E2B75B5E537A91E83D24", "99D36C5A3B6C3FF496422C3FF600B7D254E5D81D1CC0F9184ECD1F8F03423FCD", "9A6C0D3F4E9D02D3ABB77CC1F15B5C57FED8926916549AF207B111EC9D3C5B1C", "9B0F66C4EFFAAF9FDB1B504C2B624740D85D778570BFE202D803740E0C99076C", "9BBA472DF522BDB11A0F80EDDE168630BF88A9C15518FEE66140BBEE5585001A", "9BFFF73DB09075877DB19A13994A90F7D1CF13A8A5601B84DC0B84F8193E65C1", "9C2F629D74A0CEB50295825F06E9E3F031D43FAA69C3940ECFB41EE6607361C2", "9C638946C07968147BC89DE8BAE5211C4767A334F7213E99654F7C02ADD0E910", "9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A", "9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8", "9DA9D6C05FE03758B84DC068193CB0E2A82B2F411E24F383722448967D77B355", "9E08A11DD23150C79E969A8FA933F7C903468F74CE144600AC32149CD9CCC3CD", "9F34E4D3B1044507E18917B1E2BE1AF6051A228EE5F8F69E5539B48FDFAF3B4D", "9FD1AC6E7F93ABD6198F576C4AC025E8DFA5007533DBD2FE78CC5BE3497FF3D6", "A060C0BC5CF92D0F7B8D81075A33D4E2887EE843B41F417A28EC2BBAB72FCED9", "A0CD9A22E5D088DB9C207BFDB7A5A5C2C5314C8720A58AA744A101705F8C5E9E", "A132B986390AF1F9E72FC2BA2D182292BDE9C04B2252C517AB8A39E9F7A25581", "A15B390D080295157749FA22EBE90BAA7A33E1EC803752A1824ADBE8D7353A10", "A1680316198638EA55AFA837EE37AE44184E9B8BCA2B9FD668F06E417908DF87", "A1A641310DC3EC26A5A32A1491C4AE50BBBBBEA686B4FCC9322DE02CB90D7FBA", "A2133DCF0D67EC30E5F3D15E39561490E1B16A2750CD5C806DC8F9E95825E247", "A22A62D71C3EEC00971E326ED7FCCDE4C2959771727429F852D98592C456C126", "A264D72AF012C33CABCDEE09605EBB277263FB33567A89DC0831C44257A7E37C", "A2D06FB3017FCE651EA8255C84E9C676D1204865B3375BA8E8B8F438AA9B7256", "A31AAAB46398C4CA9F3552FA53EB3F0DB8FD1384559E2048B5321E5BB6936FB2", "A326E188CED4EABC01874E1D337797D5BC22F3ADB5FAF12692F46CA9F4CEEEA1", "A3AA1EABC04F772D5CDA8853B864F229765DC4A3D9C4B8F0FBF97542821DB5E9", "A3AEABE024AE1D8520A5BB495A67D45783D1F2AC4B3F9F3B682E75291FD8E20A", "A3BC60725F0EAC71F9F85D52468B5D776A02B53D2F6CC6F5075461F1867C9EA8", "A44F3C58E434BA15FF852853D94A3A21A868AF86E9655A8594367CADBE40A491", "A5803C821BBFCE3CF61C99A5753B13549E824EAC069265D225FFBDF6B568BCDB", "A5DABD1C1B1C58D900A9518CCA7EC1C03488CC2DF1750F65600D7F0C8E0E4763", "A5F646FF4C83A4B1D2C8B47FCAC3D208DF17454D859B9AB5DD63F0E74300162C", "A61564D752A2637A5306DF51328148AB1D1EAAC0735226DD1D9F500C5DAECC37", "A6A496B2E032EDA1F9C9B0D3982C6A52B7D925C02D0F2EFE157394C4851AEBA7", "A6B79EA77FF12E690D40F605757B18FA9561F56797862582866D9A26B345F82D", "A701AFC8C238BDFFC275CACF75BFA2343212CCA8077B0C43D13D17FB1392C9ED", "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "A8769BC2B0DB66C792D9EFA7CBEF5668B22FB52A475E194FEB169B3B4BC31FD6", "A9139EA8D202B9FE20D64E771F1FC89C7E9393774315A6265F9CE70E716E1833", "A9B63F0DBA193CFFCFE78E0BFADD5C8ADA02B92500E16CBF9385EE4AB5A92A9F", "AA3BDAF8E33B6E3ED2F924A99C734FE82BC738F506CB900388E32E3FD4CCDA88", "AAB14D78054A85A0638FC4EFD7F09686429CB02C6B45FF1ECAFA55C27A050635", "AB7E82CD356AAA55900FFB785ECCA647E2DE687F0BE610FBC448CF5A139EB4CF", "AB8881439FA512D752063B5AB323E9C076039DB482070536304B448AE092D8CD", "ABBECC2CF1F809CE932B9130A6788B28E3F6228FC5599EA3FB4CD8372D7EA7C8", "AC1428711C403C1B4769984234D50FE4F5F83D8DF9CF99F7834FADA33056EC4D", "AC1B4BF839D3912B4646DFB21DA46EFE78B9249D5C29B4FAB631753998720DBE", "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "AD5C7F7150FBD846C587F5FAD0D7C7B48F81990F52A351F824E5CBBBAC83F163", "AE2FA11123F866B1C71B66A57712F1082B82D3EB4221232EC14E14446822A705", "AE5F82AA12975B7FB82D3E82026737BA00E7C63E665B55649332FED894644010", "AE98DBCCCCED8FE9C2F0A9A3294999AEF099215A25C0EDDDFD95DF899965A340", "AED0F240DF3C88F319E3FB42ACD61D16097A82B46ED80B7D90B6C196F011838C", "AEDA88262CA7D9131BC64000D7DB1B57E10378E85003F0929852E5336EAE0A2E", "AF14D81F9945B81EA39B6923FB2CB4E62949A34EE9CCFEF7120D6D6700FA48A1", "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "AFFC971A929ABC4A5177F4FBA7D32B82C0ACBC71AEFBBD3E440D08B12B022B51", "B0528F9B036E05AC9A10262631DAF76C50D058E8380B936E9BB1177907389047", "B0A8BF7D544954AF5D193262AAD0DEAC7961A5AAEEC3623B441BB795753711B6", "B0DF32322CE6A2B6D1EC5D029C9322141A4F0B90F6393DD9417AE692DA63CE98", "B18AE52E5F4054F9AA7E88AFDF03E21D1BB07DBFCC88E226C3B097EF37102A0C", "B1A7EA382E1811C14DF51844F0D630A15CC26815C0D6C2E6A724EFCC852D8689", "B256C15E99202EA347E2A029A2996E0D747C26A51F8F4A110F2D6D74B8EA1B6A", "B30C006BF323BCAF8E8EF0489319D47B3A0FB0928442F9EB350A3520109F9F72", "B431011ABF67E8DD4F4E3E4C9F9FD0B1E6E07733191BA7206314070644F2CAF0", "B461A56F6F5D210B9D9B2D34B7F0A3D3B7CEF57C63806083BC443A63C27F4B85", "B4779B52313D85FE1157604480F675A0E2BA765BB08DE9BEA2664A6C3AD0F47B", "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", "B498A5EBA0E68B48D535AA59E01B9097C6BDB3E1AB3D4647DCF6C37E05CB58B8", "B5AA883A7ECBB98CC082171970FB0FD2158AEB520B2B654518056D674E2939C5", "B5B6C4769983441433B811EF3AAED6CFC993849D42BC924ECF1CCA5E34838148", "B5D3987D37FA57ECB44634029606786ADADCB0901EF9858232A7D33908EC5FD2", "B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA", "B73437073599A5973472D300EA14AD94DB00FCC9790D93795D0BCA840608CBF4", "B735C91C5D46BD88FD491D67AB17706F0B9FDF9D50797EB4994A198C09D7FD04", "B7376C4EB80B7D4936C0682206BD2DC0AD5969B181368D3EB95A8FBA366BDB63", "B7D409E9A403BA9F7B31027D06EA38DD15E5D87F56D21161B5BA8A2053445315", "BA115DC647AD58068A81D5DEF13A4806EBC639858B1743428BF24FE678B87926", "BA2D0D9B1C88AA8F13B870348943574E037A169844D44BBF01DF458E3C5B564F", "BAFF6760E68C0F676AFA3DA20E18B06BD703574BC65B9BFDBCD22ACCE05F7FEB", "BB600B119BB0BCBE0C1A441D96B93496AC1319A4F50379AB81C6EC6E8A6222AF", "BB76D9518CCBAE68500AB2DACF1AAAF9F5532441FD3A705A4E4A39114EEBDC0C", "BB785F5F4B456D5F3322E9222022F0E38411602612EBF72BC61AEEABF7FEC2A9", "BB96DF8C4863ECA5111B83DE1E5DBA4C67AC8E6999013404D8DD87C98CC7B60D", "BBA20026A90E4F85555F0C8BD6248AE07F7DE01D687CD62F0159CF4B22E7DA25", "BBB0C0E9DDF621A6AE6C42CB1DFF2B33670CE69032E5482B47DC24C860F78C9A", "BC1C22C92E0CEE8467256F78F387FAEA6F852E767E00D35A6A75231D35E5F318", "BC3A1086428BA3DB72FFD49EA27AAB3A8A9FA0DD5D576D47E0467AE96C365754", "BD333283E74EA7CC4FECA64B1589C8F73EF2945CABB8B7545BC00F65676717A0", "BD8AEC08AE2FA3C7B6CDD03A046DE8D2D846B9AC7A7C2948B791173D0622B3A4", "BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423", "BFA9A84596ADAC3A47B31C43DD8574B1E532311E1F9B01F003F6AEFDDA4BAACF", "BFA9E5B9CD204137C5C40A62AFA0C09607B8FABF6ADAD16BDE69778F6E3530F1", "C04EDE0E9159DC9AE235755A284662F042D80745649864CE91E7E3E4563221F6", "C0B86CDC80422A5F2537C4EC8D9910A625B0DFB08FA90CDD9641B3A0100702D8", "C0CE38B8081A59A18598B204BF933579D5A04D57C0E8BBBEC053AC1350A2938C", "C1496EC4045B1D46025659B86814D1D0EF8F5054AB7B5935417CDC9116D1E1FD", "C1BEC46524F176FAE4CBB603AC283FC9F12029FC3579BBDE20A1B80FA597B0FC", "C26565231FCCD49F3C622767588121FC9085B877AD8E5C33D034BF636DC48217", "C2D7FDE6929D1789B9A1618D087E5DCB3FC2780B2EC1CA3CFF40FDF3AD014A8E", "C38D6ABC79203A68FBEFD4AF0550B930A12344E61F2BA7EBD4A32B10F48FF4F4", "C3A579D5583598BF4F36F66A731C39A1C3E23351DFAFC16956E2C8DAB030AEBF", "C717E3C358B1EA0AC9E1701DBA722015744796BC3CBA66E7AD79D30CEB45BD60", "C741AA98787A9F837D93EA7D1268C62A551244CB826F0BEFDB076F796F78AB33", "C782E28D921E60ACB8E9DA8D4E896C767C63812207127F74F0A2911E51EF5864", "C7FAA00C9C125584B8B9505CE7E7AC97AF7514904E37D2747A78CB0B5B0F3315", "C810746DF12642CDB3444A565C3CE3ABFEFAE31EFE9FE6BC4718CE76334BEB88", "C81F2E39823E05878CBE3F0E9B9C04FBB4EE0D76387172E119CF2EFBDEB7C29F", "C8E3076BF00DD8380618AD02C4DDA7DF7604CC6B6A724449CCB6A06853CAED2A", "C91C4E43132696FEC4880710887B3C0280455B0F29B0B1FDDFC3F98D4048B4E8", "C9A62458FFCDA7D13068BA51A14F3364875030AD9E3379B54C1EB8EAA4DD8D49", "CA111B4E9CA9EC240292C6D00FE0CF8C7559AC1453E3199BC3370D149FB11174", "CA1E3EFC07D22B2DA86595362931D640F30F757529856481F669DB4619DAD922", "CA643463AA3DD27CF347651D7B084BEA39601B3E21A99AD0FE90A4163037F126", "CB1A96B060B639265D7CCD4E0C186EA367A7C82E1756FDF32E57D9F350AD3873", "CB765B8720A2E211CEA709C71E6C4409A9A1FE0813B5C8FA4AE6417BE059E68A", "CBB6711004455A0722EAF33EA7E16444AE4DF08D1F9C341B64251DB448ACCBB4", "CCE2284A1DEFC26817EC9BCCD38DA7A3854365480FF9426304A46C0C98F30195", "CCE74B609685420B52F0CE6D14ACF26F43DB5C6A64A19034DCD1E9CB0CA2BE72", "CCF869217B83C7570F586028248E128FA170E16792CBF3BAD70423425B1BD638", "CD617F98180D24BACD7FAE3B791B49B329F7F25DC885A6AD81CD6A815194B6BA", "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "CDC93F5A32848FF0073C48EDC66593F2A0A2AACCAE9802E843826C6E565AE2E9", "CDF01D5D29ED4731048DA0F1A6FDE407B2DA246B226E3DF9945EBC838B4660A1", "CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67", "CE9B7DAE68B959C5E4A5F965424DF5CB00879B1AB1296B115DB9CB1B8ACD054F", "CF56D9AEC134D68DA67A2476D2B87833F63F32777672C1C66A8D8FF69C08623B", "CFDD5A9C7B8C9F6AFEAF6B1C68FF8C11BEADF52EE2E731CBCD194CACB1898BD6", "D0934964E9B56702CBED525517F4EA576FF2F33A8BA6C800C34ECA9B7FE90236", "D0B31273B5CAE7971F9FBEBC2F13E62ED0E72188BCE9AE7F9E483C591E4A9F50", "D156BD5A77A183961676EA2393F58C31A72725CEC216EB199E31487998BE491C", "D1B56895A302CB106810B80548010A8993C467A6D8B6EA61EB430703400A5ED8", "D1CB08D31563D582A14B8BAD469844B07F189418B4E4BFBAD4EA8BAA6B327659", "D28370F3789940A6A2F0B48D0BB882F7E298E5B8C7167BC16F9FB06B92DBCF35", "D288D5ADF67DE9C3743BE8316D7F496F7CA64A396C1E8E9019178232D17AF15D", "D406490E70A52CFB0315F27FCD957BFAE7E7B2887A6C73BE83E3F514F1153348", "D4AC8637482E0D53AE579FBD19E568DF643A9D732D1995CBEF53FC6B867F82DA", "D539341B64A88A49490C3C0F20392F7B5A9616A42C069A2509BF53F2F8A4D618", "D6A22AE665DEADE235C2738407D64638A424C6CC505B816BFEA12DEFCC5CD645", "D728283BFB4D0C3BC5C98FA880696DFC59C2A5FA652666E966D126A6D7FC92FA", "D78F8119FF4EBAA3EA6E8A906FCEFE0DB24B626AB87F3DFEBFA899904F726130", "D792D660667D934B582774E627CB3E2E010E497C8C1D9F4B7C138E4B5DC2ECEC", "D919DD3ABC738C78F022F9616EE0C0EF09AB2836986990B6A556B4429C4C843E", "D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20", "D9425756DF631BB7CA03B3451BD1F9C557325B8A2BB0CD34A22102962A0F4213", "D9D2F8F1F4727F09E77272D6C8643C3016BCD6A8E4BC6E59B27B37256F4F8F76", "DACB3E9783156FCD47517FD5E71AA5A2242EAA043F56F2EA75EC325BA052BDDD", "DC086AC7F5679D9F84A3DA8B91FAB9C0F09EF5EFB4C8687216156974F51B6283", "DC103410561C74F2BE482D1DC9D39673C4CA0201FA7430A6DA0052ED558DCC5F", "DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303", "DDE11A6EB73BE3F98B37D85D58288FC1BB387A976FF07E231F2FC766E2B956AB", "DE8C5DCB7F07498942725CF8F7905DBA001C7B89D3D36370CC303A274CB9A8EB", "DEAB63B690E03D8E8203ACA19836C2D36A8ED9D5C66A32CCF4F7F6B6C9F8DE84", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "DF859649010EE2675B4BBF6D4BFAE7D654D24685054B3403A45C4270AD966550", "DFB4A89370117A0C76AEBA610891449C199F7498B60521F9612F1A48A7736A6B", "E036688C47591ADE56001D0CD1013191D6F43940CA2DB9509F5FCF0F2469F92A", "E0F75591E2E6874A35B6A6C7681543B81128F5226E803A2CCE1D1B664BFC8638", "E0FDC61D822C325E91C2F377292B2B9F1F3CF389F1853458926D9A8FF435767B", "E141221C1C63036AE1C76B976A04706F4495C39812FC722478A0C755043A0E14", "E1810AD4BA382A8D222D20A49D11C634E6C5240D3F69652E51FC068062DED465", "E2AA9B11D88890FE4ED3C245CC3A519ACAAD11F11F032D2AE032FE428B8C4012", "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", "E36B23DB3CC2EC748DF333353AEDE5A1F8FAA97C1F1DC67E27CD4759E7D0C960", "E3C82809E8425A65E53029135451CC9579AA725E2D85009F892DD0A0FD979ED9", "E3E29938D5D0031514AFE0A7E80C2513F25C4DCE6D5E26A93BE99C9CA93B0FEA", "E41278F69BC61D835FAC88FBCE06075D73C74B99B009DE680A92B2B68FE577DB", "E4452F8B377A6318D5E140C5FE8BCE8A991964A95AC77F047C30B4542034429F", "E5B87A13371E713ADEF3FE7406AE533F7BBE73CA43581E79D929A91E3864ECDC", "E636319395E5D666C247860149142969762B284D3BE296819A5644E6AE6DDA15", "E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902", "E67F6EE1C05A0DFBB7E42F8DDE81795FCC3D933297C925E42690163F0C1D21A6", "E74C53C459F7FE1C89AE67FEC29B42B1B0BF95AA1A5FE3D3CA36BD71ABE75230", "E775C68CA18D51E91E688F1880BD5AF1955B5F4DF7397FA28CC721E37DAFB99A", "E7B4E1607446FED2E1EA3DED4F35354BBD746B762279FBE37A746CB69873BBAB", "E7E10B1CFDE7DBAE5E93EB8EF50E03FCA4DAE3C0D9270B040B02BCEE5D0199B9", "E8302DECE1CECF16A05E7F8FBA08D33074F30279F18CDDBABA912B9C9DF9F32D", "E84CA6147175A22CB9253587142088EB24B6AE0BD11EC07E71E299F57DD05739", "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "E8BA6A75873A4594BE92FFE48C361848E9581DAA153EABDC1D071E1A59172338", "EA69F3ACF81616FFD52E1EC0A74B074CC736B3675D7B61644018A9252D9BD284", "EACE8EC2B7164C19E5BA497C1D57887C847EC033403098801408B0F6BB2B6736", "EB8F31C93BD7E41A11EB86029A059AA21310DE2294422DCEDE1529D9B98A0560", "EBDD1B77CC71D5E7D7E88D21F7F8C7988F44B743E7ABCFC5258E806235EC65A9", "EC94C08957C3FC96E55B7BF4B4A74A2D96A2DDE26A96A649E7FE9C97C31958BD", "ECC7277FA4D1E6C0C387927905899E353FF202FB061043E0FC8C0DBCF3150F7E", "ED7164C07048A48E59D18BAADA456D0655A81F29CABBDEFA06735647C2B759EA", "ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC", "EDA30B3C2FB2766DFAA280B3B5E960EC660172EBFF7B73A524DCE514A3A3F985", "EE31BACFE4E2531B3AC2273027A23C49C59978284694658A79B4BC6797F86ACB", "EF05485B7227E17E422CCBDF0EC02D62F554406DEDDDC7A1772D75D577035F79", "EF5F7BA296D0A7B4B6CC058D9B89B1BFEE714F79C2BC4541813DA99A292450B9", "EF71291A92B5250A0A03CC8B24766E487991713BE06BEFF3A0428155C170ECB7", "EFA06779A2DA162F7F70171BAC9D53E998DA486C75081458549AFE875DB6E5B5", "EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B", "EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "F0166F21D9D8651F7C71CAAA5131EEC4CE044F990491482A736F6DD767A3EC0F", "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "F02EA1DD204629897DA1861F147A272B72A3FA34A5315D58B896A636EAE341F5", "F06515C6AEE16B93C29B3C5AE8DD30898074C698C0C44BA3E8EEB165C7BC1C7B", "F0806D2A2F2817DD3A11695DB658C0C7C64B134E8875822DCE8F5D73AC04E97B", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "F122C27179362A817F8CF31FDC2906DEDD7B8BBEA33D06FFA42180F0625D22E0", "F16DAE77B5D6C7D782818596F851DFFB29226C0550922519EFC4250E27D09D67", "F18F021F8259C21D1B03D3A3C3F5FD97D6A165E424FE86F9986F545F5A914F8E", "F20E63C2D2D2AA05D977555688CD3131DF08DA240FDFCEB0B017DF8A789BCCEE", "F2901ADEFFDC496A6F27CBD82624C55C4B805D9C77EBED14A24ED2CCC730C354", "F35EB0C55F08CA4C671A4E6D2454A08936C6D1CD868709D0EE04FB71FFC263C1", "F3DCE3C5833C49557020B40FD1488FEA652FBB7103978A659A3D71B569B8213C", "F3E031EE1A516EA99D2090D5BCF18F17CB05168CD220DB3ED9A3C93DFB2F1DEB", "F3EF1FC432D040B91FC6C5AEB324AF8CE32BCFB7A9A0360FC4722981B736F64F", "F435C74BF942E3B3A5FEF2B742E716E29826D42678DE6AB053B1766FC7314452", "F5EB55E6DBF388E7CB6C76AFCD8A50A86C1FE6B41E6933749DC88EF56B7E408E", "F65F1D96E364841337F0770420AA39E180E57CF181628F15C7259D9D9A9E8BDD", "F7232359E6413A274B62C22CB7BF1EF8C428ADFBF22EF7B9B913D63D087BCACB", "F886086D62B136A906CD0EB998C3D948DAA60D49CBC1EB1C4BA913829EF5727E", "F89923018671257EB76989AE7AB9D39396FBAD6F8846CB56D6915361F1CCCC48", "F8F03C35A3C8AEA5027E6C01D991D7E1C3A4A0C9EAE0D875ACF760D1D56B8B9C", "F9CD245944BE763583F94B01BC23C08D6F82CA4989F000C1D0842D4005C4EF11", "FA28CB50714C2E033435E17981D021316797914289ED09AB906E1A7CBA22C8A3", "FA8CCED2D5B77B978F428FA2F61CD879A13EF9DAC53A5435AC48BEE003AC2363", "FC9172D16F62D7749E6C1369AB9D86ABC42163C780B457F765109BE80ACAD9CF", "FD7B4551E68C6A5B21AD8C3E07FF7CB6ED5402B6F6CD6D419A3FCC60FFB43FC4", "FD90B8CB0F60381B89DB489D4F28883B2B08D5BF67796B29DF21E510CCF7594F", "FE6D95CEEFE9596CD6D6134F8326AB13E3C97D550B3E62F57DECDBDBC51C329A", "FEC06635C46DD9EB6B2F50E66A9B098564986FB86BF7FDE8DBF9F7E295CE3162", "FEE45A44E8C46E13896C20C8C9B2A275C16E5652E4DF723FE4A044838B932DB1", "FFB1DE47049D302B3C804FCFC90E8D4C1A715F59A9B241F24946D4A7A6598C10", "FFB480E3AA8E74E184658371B22D113F0FB890C232EB9EE9B8A8294BE098DDAE", "FFF0238333AAC9C302B602B36ADA76C6BDDE2A493106B114D0A3A45C8740777D", "FFFC975129255F81268D3FCA3749E94C10CC5947120F8A0C2ECF652F4D79545D"]}, {"type": "ics", "idList": ["AA21-356A", "AA22-117A", "AA22-152A", "AA22-174A", "AA22-257A", "AA22-279A", "AA22-320A", "AA23-040A", "AA23-165A", "AA23-215A", "ICSA-21-336-06", "ICSA-21-357-02", "ICSA-22-034-01", "ICSA-22-069-09", "ICSA-22-116-01", "ICSA-22-130-06", "ICSA-22-167-17", "ICSA-22-258-05", "ICSA-23-143-02", "ICSA-23-166-10"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:0009F92C7DBF6D1163E64AF402687506", "IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2", "IMPERVABLOG:5E03360E0443A626205E9BCF969114F6", "IMPERVABLOG:7CB37AC69862942C5D316E69A7815579", "IMPERVABLOG:937EDF98C40EFDDA392CC06661F152F0", "IMPERVABLOG:B4C9A56D0F82346F616E74B1CFB10A5D", "IMPERVABLOG:B69DFFED5C2E2C9D2F9917E3F4915200", "IMPERVABLOG:BB63986B2DE2CCB2C65DD3747791097F", "IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71", "IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E", "IMPERVABLOG:D1F1D344B2FD670184AA4FB99A50BD1B", "IMPERVABLOG:DB0BBA5A6E2E523FAA7F7A73C45FEA96"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00646"]}, {"type": "kaspersky", "idList": ["KLA11475", "KLA11621", "KLA11718", "KLA12007", "KLA12017", "KLA12390", "KLA12391", "KLA12392", "KLA12393", "KLA12395", "KLA12396", "KLA12442"]}, {"type": "kitploit", "idList": ["KITPLOIT:1207079539580982634", "KITPLOIT:1680589374755422772", "KITPLOIT:5104415481503400470", "KITPLOIT:6411625084720414057", "KITPLOIT:6759391622067035795", "KITPLOIT:7847586937102427883", "KITPLOIT:866017936175971203"]}, {"type": "krebs", "idList": ["KREBS:96D195F8A7993DA13DE32CA9BDD1A0F7"]}, {"type": "mageia", "idList": ["MGASA-2019-0283", "MGASA-2019-0308", "MGASA-2019-0387", "MGASA-2020-0070", "MGASA-2020-0078", "MGASA-2020-0240", "MGASA-2020-0324", "MGASA-2020-0338", "MGASA-2020-0362", "MGASA-2021-0098", "MGASA-2021-0108", "MGASA-2021-0118", "MGASA-2021-0138", "MGASA-2021-0150", "MGASA-2021-0162", "MGASA-2021-0167", "MGASA-2021-0186", "MGASA-2021-0193", "MGASA-2021-0219", "MGASA-2021-0243", "MGASA-2021-0262", "MGASA-2021-0291", "MGASA-2021-0294", "MGASA-2021-0300", "MGASA-2021-0303", "MGASA-2021-0308", "MGASA-2021-0318", "MGASA-2021-0351", "MGASA-2021-0362", "MGASA-2021-0371", "MGASA-2021-0374", "MGASA-2021-0384", "MGASA-2021-0404", "MGASA-2021-0429", "MGASA-2021-0481", "MGASA-2021-0517", "MGASA-2021-0534", "MGASA-2021-0556", "MGASA-2021-0566", "MGASA-2022-0035", "MGASA-2023-0141", "MGASA-2023-0159"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1B8D17909172F80C0F82CB21FDFC33B2", "MALWAREBYTES:39A05D4A4EC81966F7A1721DFACB3470", "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "MALWAREBYTES:6ADDB8622B581CCDBCEF3BBBA64D6F59", "MALWAREBYTES:8922C922FFDE8B91C7154D8C990B62EF", "MALWAREBYTES:A325F8FB1D527BD3C6C1C3A187840632", "MALWAREBYTES:B8C767042833344389F6158273089954", "MALWAREBYTES:C73ABCBF2F74F68CAB3C737D1047B725", "MALWAREBYTES:D081BF7F95E3F31C6DB8CEF9AD86BD0D"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-HTTP-LOG4SHELL_SCANNER-", "MSF:EXPLOIT-LINUX-HTTP-MOBILEIRON_CORE_LOG4SHELL-", "MSF:EXPLOIT-MULTI-HTTP-LOG4SHELL_HEADER_INJECTION-", "MSF:EXPLOIT-MULTI-HTTP-VMWARE_VCENTER_LOG4SHELL-"]}, {"type": "mmpc", "idList": ["MMPC:1E3441B57C08BC18202B9FE758C2CA71", "MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:42ECD98DCF925DC4063DE66F75FB5433", "MMPC:567C6CC66BD942B4F1BBE84ED9F6665B", "MMPC:A086D121065A6253A8EECABD51EB16DF", "MMPC:BB2F5840056D55375C4A19D2FF07C695", "MMPC:D3341B3E36680D5272BC91A3694352AC", "MMPC:F36351D1B5A5C40989F46EF8729039A7"]}, {"type": "mozilla", "idList": ["MFSA2021-50", "MFSA2021-51"]}, {"type": "mscve", "idList": ["MS:CVE-2021-44228"]}, {"type": "msrc", "idList": ["MSRC:11EE27B79C8FC8176F733C5748E02C96", "MSRC:543F3A129A47F4B14FB170389908717B", "MSRC:9783BD8B3A34301D0C5C34D252854BDF", "MSRC:C6213215CC0BE4847F142F730607AFA2"]}, {"type": "mssecure", "idList": ["MSSECURE:1E3441B57C08BC18202B9FE758C2CA71", "MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "MSSECURE:567C6CC66BD942B4F1BBE84ED9F6665B", "MSSECURE:A086D121065A6253A8EECABD51EB16DF", "MSSECURE:BB2F5840056D55375C4A19D2FF07C695", "MSSECURE:D3341B3E36680D5272BC91A3694352AC", "MSSECURE:F36351D1B5A5C40989F46EF8729039A7"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-057.NASL", "AL2022_ALAS2022-2022-093.NASL", "AL2022_ALAS2022-2022-167.NASL", "AL2022_ALAS2022-2022-170.NASL", "AL2022_ALAS2022-2022-208.NASL", "AL2022_ALAS2022-2022-222.NASL", "AL2022_ALAS2022-2022-223.NASL", "AL2022_ALAS2022-2022-225.NASL", "AL2023_ALAS2023-2023-013.NASL", "AL2023_ALAS2023-2023-017.NASL", "AL2023_ALAS2023-2023-030.NASL", "AL2023_ALAS2023-2023-031.NASL", "AL2023_ALAS2023-2023-205.NASL", "AL2023_ALAS2023-2023-232.NASL", "AL2_ALAS-2019-1370.NASL", "AL2_ALAS-2020-1442.NASL", "AL2_ALAS-2020-1492.NASL", "AL2_ALAS-2021-001.NASL", "AL2_ALAS-2021-1608.NASL", "AL2_ALAS-2021-1612.NASL", "AL2_ALAS-2021-1640.NASL", "AL2_ALAS-2021-1653.NASL", "AL2_ALAS-2021-1679.NASL", "AL2_ALAS-2021-1686.NASL", "AL2_ALAS-2021-1700.NASL", "AL2_ALAS-2021-1703.NASL", "AL2_ALAS-2021-1714.NASL", "AL2_ALAS-2021-1721.NASL", "AL2_ALAS-2021-1722.NASL", "AL2_ALAS-2021-1728.NASL", "AL2_ALAS-2021-1730.NASL", "AL2_ALAS-2021-1731.NASL", "AL2_ALAS-2021-1732.NASL", "AL2_ALAS-2022-1769.NASL", "AL2_ALAS-2022-1773.NASL", "AL2_ALAS-2022-1780.NASL", "AL2_ALAS-2022-1784.NASL", "AL2_ALAS-2022-1806.NASL", "AL2_ALAS-2023-1952.NASL", "AL2_ALAS-2023-1953.NASL", "AL2_ALAS-2023-1954.NASL", "AL2_ALAS-2023-1955.NASL", "AL2_ALAS-2023-2031.NASL", "AL2_ALAS-2023-2048.NASL", "AL2_ALAS-2023-2058.NASL", "AL2_ALAS-2023-2079.NASL", "AL2_ALASCORRETTO8-2021-001.NASL", "AL2_ALASJAVA-OPENJDK11-2021-001.NASL", "ALA_ALAS-2019-1326.NASL", "ALA_ALAS-2020-1381.NASL", "ALA_ALAS-2021-1482.NASL", "ALA_ALAS-2021-1498.NASL", "ALA_ALAS-2021-1500.NASL", "ALA_ALAS-2021-1504.NASL", "ALA_ALAS-2021-1509.NASL", "ALA_ALAS-2021-1517.NASL", "ALA_ALAS-2021-1541.NASL", "ALA_ALAS-2021-1552.NASL", "ALA_ALAS-2021-1553.NASL", "ALA_ALAS-2021-1554.NASL", "ALA_ALAS-2022-1562.NASL", "ALA_ALAS-2022-1578.NASL", "ALA_ALAS-2022-1580.NASL", "ALA_ALAS-2022-1601.NASL", "ALA_ALAS-2022-1625.NASL", "ALA_ALAS-2023-1740.NASL", "ALA_ALAS-2023-1742.NASL", "ALA_ALAS-2023-1748.NASL", "ALMA_LINUX_ALSA-2021-4172.NASL", "ALMA_LINUX_ALSA-2021-4198.NASL", "ALMA_LINUX_ALSA-2021-4231.NASL", "ALMA_LINUX_ALSA-2021-4241.NASL", "ALMA_LINUX_ALSA-2021-4288.NASL", "ALMA_LINUX_ALSA-2021-4326.NASL", "ALMA_LINUX_ALSA-2021-4358.NASL", "ALMA_LINUX_ALSA-2021-4368.NASL", "ALMA_LINUX_ALSA-2021-4373.NASL", "ALMA_LINUX_ALSA-2021-4374.NASL", "ALMA_LINUX_ALSA-2021-4382.NASL", "ALMA_LINUX_ALSA-2021-4385.NASL", "ALMA_LINUX_ALSA-2021-4386.NASL", "ALMA_LINUX_ALSA-2021-4387.NASL", "ALMA_LINUX_ALSA-2021-4396.NASL", "ALMA_LINUX_ALSA-2021-4399.NASL", "ALMA_LINUX_ALSA-2021-4408.NASL", "ALMA_LINUX_ALSA-2021-4409.NASL", "ALMA_LINUX_ALSA-2021-4424.NASL", "ALMA_LINUX_ALSA-2021-4426.NASL", "ALMA_LINUX_ALSA-2021-4451.NASL", "ALMA_LINUX_ALSA-2021-4455.NASL", "ALMA_LINUX_ALSA-2021-4464.NASL", "ALMA_LINUX_ALSA-2021-4489.NASL", "ALMA_LINUX_ALSA-2021-4510.NASL", "ALMA_LINUX_ALSA-2021-4511.NASL", "ALMA_LINUX_ALSA-2021-4513.NASL", "ALMA_LINUX_ALSA-2021-4517.NASL", "ALMA_LINUX_ALSA-2021-4585.NASL", "ALMA_LINUX_ALSA-2021-4586.NASL", "ALMA_LINUX_ALSA-2021-4587.NASL", "ALMA_LINUX_ALSA-2021-4590.NASL", "ALMA_LINUX_ALSA-2021-4591.NASL", "ALMA_LINUX_ALSA-2021-4592.NASL", "ALMA_LINUX_ALSA-2021-4593.NASL", "ALMA_LINUX_ALSA-2021-4594.NASL", "ALMA_LINUX_ALSA-2021-4595.NASL", "ALMA_LINUX_ALSA-2021-4649.NASL", "ALMA_LINUX_ALSA-2021-4743.NASL", "ALMA_LINUX_ALSA-2021-4903.NASL", "ALMA_LINUX_ALSA-2021-5226.NASL", "ALMA_LINUX_ALSA-2022-0290.NASL", "ALMA_LINUX_ALSA-2022-8418.NASL", "APACHE_APEREO_CAS_LOG4SHELL.NBIN", "APACHE_DRUID_LOG4SHELL.NBIN", "APACHE_JSPWIKI_LOG4SHELL.NBIN", "APACHE_LOG4J_2_15_0.NASL", "APACHE_LOG4J_2_16_0.NASL", "APACHE_LOG4J_2_16_0_MAC.NASL", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN", "APACHE_OFBIZ_LOG4SHELL.NBIN", "APACHE_SOLR_LOG4SHELL.NBIN", "CENTOS8_RHSA-2021-4160.NASL", "CENTOS8_RHSA-2021-4162.NASL", "CENTOS8_RHSA-2021-4172.NASL", "CENTOS8_RHSA-2021-4198.NASL", "CENTOS8_RHSA-2021-4231.NASL", "CENTOS8_RHSA-2021-4241.NASL", "CENTOS8_RHSA-2021-4288.NASL", "CENTOS8_RHSA-2021-4326.NASL", "CENTOS8_RHSA-2021-4358.NASL", "CENTOS8_RHSA-2021-4368.NASL", "CENTOS8_RHSA-2021-4373.NASL", "CENTOS8_RHSA-2021-4374.NASL", "CENTOS8_RHSA-2021-4382.NASL", "CENTOS8_RHSA-2021-4385.NASL", "CENTOS8_RHSA-2021-4386.NASL", "CENTOS8_RHSA-2021-4387.NASL", "CENTOS8_RHSA-2021-4396.NASL", "CENTOS8_RHSA-2021-4399.NASL", "CENTOS8_RHSA-2021-4408.NASL", "CENTOS8_RHSA-2021-4409.NASL", "CENTOS8_RHSA-2021-4424.NASL", "CENTOS8_RHSA-2021-4426.NASL", "CENTOS8_RHSA-2021-4451.NASL", "CENTOS8_RHSA-2021-4455.NASL", "CENTOS8_RHSA-2021-4464.NASL", "CENTOS8_RHSA-2021-4489.NASL", "CENTOS8_RHSA-2021-4510.NASL", "CENTOS8_RHSA-2021-4511.NASL", "CENTOS8_RHSA-2021-4513.NASL", "CENTOS8_RHSA-2021-4517.NASL", "CENTOS8_RHSA-2021-4585.NASL", "CENTOS8_RHSA-2021-4586.NASL", "CENTOS8_RHSA-2021-4587.NASL", "CENTOS8_RHSA-2021-4590.NASL", "CENTOS8_RHSA-2021-4591.NASL", "CENTOS8_RHSA-2021-4592.NASL", "CENTOS8_RHSA-2021-4593.NASL", "CENTOS8_RHSA-2021-4594.NASL", "CENTOS8_RHSA-2021-4595.NASL", "CENTOS8_RHSA-2021-4649.NASL", "CENTOS8_RHSA-2021-4743.NASL", "CENTOS8_RHSA-2021-4903.NASL", "CENTOS8_RHSA-2021-5226.NASL", "CENTOS_RHSA-2021-2328.NASL", "CENTOS_RHSA-2021-3296.NASL", "CENTOS_RHSA-2021-3798.NASL", "CENTOS_RHSA-2021-4033.NASL", "CENTOS_RHSA-2021-4904.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-CUIC.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-ISE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-SDWAN-VMANAGE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-UCS-DIRECTOR.NASL", "DEBIAN_DLA-1969.NASL", "DEBIAN_DLA-2228.NASL", "DEBIAN_DLA-2261.NASL", "DEBIAN_DLA-2301.NASL", "DEBIAN_DLA-2303.NASL", "DEBIAN_DLA-2381.NASL", "DEBIAN_DLA-2563.NASL", "DEBIAN_DLA-2565.NASL", "DEBIAN_DLA-2619.NASL", "DEBIAN_DLA-2664.NASL", "DEBIAN_DLA-2666.NASL", "DEBIAN_DLA-2672.NASL", "DEBIAN_DLA-2677.NASL", "DEBIAN_DLA-2691.NASL", "DEBIAN_DLA-2694.NASL", "DEBIAN_DLA-2708.NASL", "DEBIAN_DLA-2734.NASL", "DEBIAN_DLA-2760.NASL", "DEBIAN_DLA-2766.NASL", "DEBIAN_DLA-2774.NASL", "DEBIAN_DLA-2836.NASL", "DEBIAN_DLA-2842.NASL", "DEBIAN_DLA-2876.NASL", "DEBIAN_DLA-2885.NASL", "DEBIAN_DLA-2895.NASL", "DEBIAN_DLA-2905.NASL", "DEBIAN_DLA-3044.NASL", "DEBIAN_DLA-3085.NASL", "DEBIAN_DLA-3110.NASL", "DEBIAN_DLA-3152.NASL", "DEBIAN_DLA-3268.NASL", "DEBIAN_DLA-3461.NASL", "DEBIAN_DLA-3469.NASL", "DEBIAN_DLA-3477.NASL", "DEBIAN_DSA-4500.NASL", "DEBIAN_DSA-4550.NASL", "DEBIAN_DSA-4606.NASL", "DEBIAN_DSA-4741.NASL", "DEBIAN_DSA-4855.NASL", "DEBIAN_DSA-4869.NASL", "DEBIAN_DSA-4881.NASL", "DEBIAN_DSA-4885.NASL", "DEBIAN_DSA-4920.NASL", "DEBIAN_DSA-4930.NASL", "DEBIAN_DSA-4933.NASL", "DEBIAN_DSA-4963.NASL", "DEBIAN_DSA-5016.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "DEBIAN_DSA-5197.NASL", "DEBIAN_DSA-5316.NASL", "EULEROS_SA-2019-2278.NASL", "EULEROS_SA-2019-2292.NASL", "EULEROS_SA-2019-2420.NASL", "EULEROS_SA-2019-2449.NASL", "EULEROS_SA-2019-2525.NASL", "EULEROS_SA-2019-2544.NASL", "EULEROS_SA-2019-2634.NASL", "EULEROS_SA-2020-1052.NASL", "EULEROS_SA-2020-1064.NASL", "EULEROS_SA-2020-1142.NASL", "EULEROS_SA-2020-1201.NASL", "EULEROS_SA-2020-1206.NASL", "EULEROS_SA-2020-1381.NASL", "EULEROS_SA-2020-1582.NASL", "EULEROS_SA-2020-1605.NASL", "EULEROS_SA-2020-1680.NASL", "EULEROS_SA-2020-1693.NASL", "EULEROS_SA-2020-1705.NASL", "EULEROS_SA-2020-1732.NASL", "EULEROS_SA-2020-1733.NASL", "EULEROS_SA-2020-1778.NASL", "EULEROS_SA-2020-1819.NASL", "EULEROS_SA-2020-1827.NASL", "EULEROS_SA-2020-1883.NASL", "EULEROS_SA-2020-1896.NASL", "EULEROS_SA-2020-1930.NASL", "EULEROS_SA-2020-1942.NASL", "EULEROS_SA-2020-1950.NASL", "EULEROS_SA-2020-1985.NASL", "EULEROS_SA-2020-1987.NASL", "EULEROS_SA-2020-2033.NASL", "EULEROS_SA-2020-2059.NASL", "EULEROS_SA-2020-2084.NASL", "EULEROS_SA-2020-2088.NASL", "EULEROS_SA-2020-2189.NASL", "EULEROS_SA-2020-2207.NASL", "EULEROS_SA-2020-2213.NASL", "EULEROS_SA-2020-2379.NASL", "EULEROS_SA-2020-2398.NASL", "EULEROS_SA-2020-2453.NASL", "EULEROS_SA-2020-2458.NASL", "EULEROS_SA-2020-2517.NASL", "EULEROS_SA-2021-1088.NASL", "EULEROS_SA-2021-1154.NASL", "EULEROS_SA-2021-1159.NASL", "EULEROS_SA-2021-1251.NASL", "EULEROS_SA-2021-1270.NASL", "EULEROS_SA-2021-1398.NASL", "EULEROS_SA-2021-1445.NASL", "EULEROS_SA-2021-1504.NASL", "EULEROS_SA-2021-1541.NASL", "EULEROS_SA-2021-1545.NASL", "EULEROS_SA-2021-1584.NASL", "EULEROS_SA-2021-1608.NASL", "EULEROS_SA-2021-1694.NASL", "EULEROS_SA-2021-1712.NASL", "EULEROS_SA-2021-1716.NASL", "EULEROS_SA-2021-1720.NASL", "EULEROS_SA-2021-1721.NASL", "EULEROS_SA-2021-1740.NASL", "EULEROS_SA-2021-1746.NASL", "EULEROS_SA-2021-1754.NASL", "EULEROS_SA-2021-1759.NASL", "EULEROS_SA-2021-1770.NASL", "EULEROS_SA-2021-1789.NASL", "EULEROS_SA-2021-1813.NASL", "EULEROS_SA-2021-1825.NASL", "EULEROS_SA-2021-1826.NASL", "EULEROS_SA-2021-1871.NASL", "EULEROS_SA-2021-1880.NASL", "EULEROS_SA-2021-1882.NASL", "EULEROS_SA-2021-1907.NASL", "EULEROS_SA-2021-1908.NASL", "EULEROS_SA-2021-1909.NASL", "EULEROS_SA-2021-1924.NASL", "EULEROS_SA-2021-1930.NASL", "EULEROS_SA-2021-1935.NASL", "EULEROS_SA-2021-1945.NASL", "EULEROS_SA-2021-1951.NASL", "EULEROS_SA-2021-1956.NASL", "EULEROS_SA-2021-1962.NASL", "EULEROS_SA-2021-1969.NASL", "EULEROS_SA-2021-1992.NASL", "EULEROS_SA-2021-1999.NASL", "EULEROS_SA-2021-2003.NASL", "EULEROS_SA-2021-2005.NASL", "EULEROS_SA-2021-2015.NASL", "EULEROS_SA-2021-2025.NASL", "EULEROS_SA-2021-2030.NASL", "EULEROS_SA-2021-2032.NASL", "EULEROS_SA-2021-2044.NASL", "EULEROS_SA-2021-2049.NASL", "EULEROS_SA-2021-2060.NASL", "EULEROS_SA-2021-2076.NASL", "EULEROS_SA-2021-2091.NASL", "EULEROS_SA-2021-2101.NASL", "EULEROS_SA-2021-2104.NASL", "EULEROS_SA-2021-2117.NASL", "EULEROS_SA-2021-2119.NASL", "EULEROS_SA-2021-2154.NASL", "EULEROS_SA-2021-2156.NASL", "EULEROS_SA-2021-2176.NASL", "EULEROS_SA-2021-2184.NASL", "EULEROS_SA-2021-2186.NASL", "EULEROS_SA-2021-2197.NASL", "EULEROS_SA-2021-2204.NASL", "EULEROS_SA-2021-2206.NASL", "EULEROS_SA-2021-2214.NASL", "EULEROS_SA-2021-2215.NASL", "EULEROS_SA-2021-2223.NASL", "EULEROS_SA-2021-2239.NASL", "EULEROS_SA-2021-2245.NASL", "EULEROS_SA-2021-2254.NASL", "EULEROS_SA-2021-2265.NASL", "EULEROS_SA-2021-2271.NASL", "EULEROS_SA-2021-2280.NASL", "EULEROS_SA-2021-2290.NASL", "EULEROS_SA-2021-2295.NASL", "EULEROS_SA-2021-2305.NASL", "EULEROS_SA-2021-2325.NASL", "EULEROS_SA-2021-2330.NASL", "EULEROS_SA-2021-2338.NASL", "EULEROS_SA-2021-2360.NASL", "EULEROS_SA-2021-2364.NASL", "EULEROS_SA-2021-2373.NASL", "EULEROS_SA-2021-2374.NASL", "EULEROS_SA-2021-2395.NASL", "EULEROS_SA-2021-2396.NASL", "EULEROS_SA-2021-2400.NASL", "EULEROS_SA-2021-2403.NASL", "EULEROS_SA-2021-2405.NASL", "EULEROS_SA-2021-2411.NASL", "EULEROS_SA-2021-2416.NASL", "EULEROS_SA-2021-2417.NASL", "EULEROS_SA-2021-2418.NASL", "EULEROS_SA-2021-2456.NASL", "EULEROS_SA-2021-2457.NASL", "EULEROS_SA-2021-2461.NASL", "EULEROS_SA-2021-2468.NASL", "EULEROS_SA-2021-2469.NASL", "EULEROS_SA-2021-2470.NASL", "EULEROS_SA-2021-2471.NASL", "EULEROS_SA-2021-2472.NASL", "EULEROS_SA-2021-2475.NASL", "EULEROS_SA-2021-2484.NASL", "EULEROS_SA-2021-2503.NASL", "EULEROS_SA-2021-2504.NASL", "EULEROS_SA-2021-2506.NASL", "EULEROS_SA-2021-2507.NASL", "EULEROS_SA-2021-2512.NASL", "EULEROS_SA-2021-2526.NASL", "EULEROS_SA-2021-2531.NASL", "EULEROS_SA-2021-2532.NASL", "EULEROS_SA-2021-2533.NASL", "EULEROS_SA-2021-2534.NASL", "EULEROS_SA-2021-2536.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2550.NASL", "EULEROS_SA-2021-2555.NASL", "EULEROS_SA-2021-2556.NASL", "EULEROS_SA-2021-2557.NASL", "EULEROS_SA-2021-2558.NASL", "EULEROS_SA-2021-2560.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2577.NASL", "EULEROS_SA-2021-2581.NASL", "EULEROS_SA-2021-2590.NASL", "EULEROS_SA-2021-2593.NASL", "EULEROS_SA-2021-2594.NASL", "EULEROS_SA-2021-2598.NASL", "EULEROS_SA-2021-2625.NASL", "EULEROS_SA-2021-2631.NASL", "EULEROS_SA-2021-2632.NASL", "EULEROS_SA-2021-2639.NASL", "EULEROS_SA-2021-2640.NASL", "EULEROS_SA-2021-2653.NASL", "EULEROS_SA-2021-2656.NASL", "EULEROS_SA-2021-2660.NASL", "EULEROS_SA-2021-2666.NASL", "EULEROS_SA-2021-2667.NASL", "EULEROS_SA-2021-2668.NASL", "EULEROS_SA-2021-2682.NASL", "EULEROS_SA-2021-2684.NASL", "EULEROS_SA-2021-2692.NASL", "EULEROS_SA-2021-2693.NASL", "EULEROS_SA-2021-2695.NASL", "EULEROS_SA-2021-2707.NASL", "EULEROS_SA-2021-2709.NASL", "EULEROS_SA-2021-2717.NASL", "EULEROS_SA-2021-2718.NASL", "EULEROS_SA-2021-2720.NASL", "EULEROS_SA-2021-2733.NASL", "EULEROS_SA-2021-2734.NASL", "EULEROS_SA-2021-2735.NASL", "EULEROS_SA-2021-2736.NASL", "EULEROS_SA-2021-2742.NASL", "EULEROS_SA-2021-2744.NASL", "EULEROS_SA-2021-2751.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2759.NASL", "EULEROS_SA-2021-2761.NASL", "EULEROS_SA-2021-2762.NASL", "EULEROS_SA-2021-2766.NASL", "EULEROS_SA-2021-2769.NASL", "EULEROS_SA-2021-2770.NASL", "EULEROS_SA-2021-2771.NASL", "EULEROS_SA-2021-2772.NASL", "EULEROS_SA-2021-2780.NASL", "EULEROS_SA-2021-2785.NASL", "EULEROS_SA-2021-2786.NASL", "EULEROS_SA-2021-2790.NASL", "EULEROS_SA-2021-2795.NASL", "EULEROS_SA-2021-2796.NASL", "EULEROS_SA-2021-2817.NASL", "EULEROS_SA-2021-2820.NASL", "EULEROS_SA-2021-2827.NASL", "EULEROS_SA-2021-2828.NASL", "EULEROS_SA-2021-2834.NASL", "EULEROS_SA-2021-2836.NASL", "EULEROS_SA-2021-2838.NASL", "EULEROS_SA-2021-2839.NASL", "EULEROS_SA-2021-2845.NASL", "EULEROS_SA-2021-2859.NASL", "EULEROS_SA-2021-2865.NASL", "EULEROS_SA-2021-2869.NASL", "EULEROS_SA-2021-2872.NASL", "EULEROS_SA-2021-2873.NASL", "EULEROS_SA-2021-2874.NASL", "EULEROS_SA-2021-2881.NASL", "EULEROS_SA-2021-2886.NASL", "EULEROS_SA-2021-2888.NASL", "EULEROS_SA-2021-2894.NASL", "EULEROS_SA-2021-2905.NASL", "EULEROS_SA-2021-2913.NASL", "EULEROS_SA-2021-2920.NASL", "EULEROS_SA-2021-2921.NASL", "EULEROS_SA-2021-2927.NASL", "EULEROS_SA-2021-2935.NASL", "EULEROS_SA-2021-2937.NASL", "EULEROS_SA-2022-1054.NASL", "EULEROS_SA-2022-1059.NASL", "EULEROS_SA-2022-1062.NASL", "EULEROS_SA-2022-1066.NASL", "EULEROS_SA-2022-1067.NASL", "EULEROS_SA-2022-1072.NASL", "EULEROS_SA-2022-1073.NASL", "EULEROS_SA-2022-1074.NASL", "EULEROS_SA-2022-1075.NASL", "EULEROS_SA-2022-1077.NASL", "EULEROS_SA-2022-1081.NASL", "EULEROS_SA-2022-1084.NASL", "EULEROS_SA-2022-1088.NASL", "EULEROS_SA-2022-1091.NASL", "EULEROS_SA-2022-1092.NASL", "EULEROS_SA-2022-1116.NASL", "EULEROS_SA-2022-1122.NASL", "EULEROS_SA-2022-1126.NASL", "EULEROS_SA-2022-1127.NASL", "EULEROS_SA-2022-1128.NASL", "EULEROS_SA-2022-1130.NASL", "EULEROS_SA-2022-1133.NASL", "EULEROS_SA-2022-1135.NASL", "EULEROS_SA-2022-1136.NASL", "EULEROS_SA-2022-1153.NASL", "EULEROS_SA-2022-1158.NASL", "EULEROS_SA-2022-1164.NASL", "EULEROS_SA-2022-1173.NASL", "EULEROS_SA-2022-1174.NASL", "EULEROS_SA-2022-1176.NASL", "EULEROS_SA-2022-1180.NASL", "EULEROS_SA-2022-1181.NASL", "EULEROS_SA-2022-1193.NASL", "EULEROS_SA-2022-1217.NASL", "EULEROS_SA-2022-1236.NASL", "EULEROS_SA-2022-1245.NASL", "EULEROS_SA-2022-1257.NASL", "EULEROS_SA-2022-1262.NASL", "EULEROS_SA-2022-1273.NASL", "EULEROS_SA-2022-1275.NASL", "EULEROS_SA-2022-1276.NASL", "EULEROS_SA-2022-1278.NASL", "EULEROS_SA-2022-1293.NASL", "EULEROS_SA-2022-1294.NASL", "EULEROS_SA-2022-1309.NASL", "EULEROS_SA-2022-1310.NASL", "EULEROS_SA-2022-1379.NASL", "EULEROS_SA-2022-1381.NASL", "EULEROS_SA-2022-1389.NASL", "EULEROS_SA-2022-1391.NASL", "EULEROS_SA-2022-1405.NASL", "EULEROS_SA-2022-1407.NASL", "EULEROS_SA-2022-1415.NASL", "EULEROS_SA-2022-1417.NASL", "EULEROS_SA-2022-1422.NASL", "EULEROS_SA-2022-1443.NASL", "EULEROS_SA-2022-1468.NASL", "EULEROS_SA-2022-1477.NASL", "EULEROS_SA-2022-1481.NASL", "EULEROS_SA-2022-1500.NASL", "EULEROS_SA-2022-1565.NASL", "EULEROS_SA-2022-1603.NASL", "EULEROS_SA-2022-1626.NASL", "EULEROS_SA-2022-1670.NASL", "EULEROS_SA-2022-1672.NASL", "EULEROS_SA-2022-1697.NASL", "EULEROS_SA-2022-1711.NASL", "EULEROS_SA-2022-1724.NASL", "EULEROS_SA-2022-1889.NASL", "EULEROS_SA-2022-2020.NASL", "EULEROS_SA-2022-2048.NASL", "EULEROS_SA-2022-2487.NASL", "EULEROS_SA-2022-2501.NASL", "EULEROS_SA-2022-2512.NASL", "EULEROS_SA-2022-2516.NASL", "EULEROS_SA-2022-2521.NASL", "EULEROS_SA-2022-2560.NASL", "EULEROS_SA-2022-2789.NASL", "EULEROS_SA-2023-1053.NASL", "EULEROS_SA-2023-1065.NASL", "EULEROS_SA-2023-1067.NASL", "EULEROS_SA-2023-1080.NASL", "EULEROS_SA-2023-1092.NASL", "EULEROS_SA-2023-1245.NASL", "EULEROS_SA-2023-1249.NASL", "EULEROS_SA-2023-1254.NASL", "EULEROS_SA-2023-1266.NASL", "EULEROS_SA-2023-1268.NASL", "EULEROS_SA-2023-1277.NASL", "EULEROS_SA-2023-1278.NASL", "EULEROS_SA-2023-1281.NASL", "EULEROS_SA-2023-1303.NASL", "EULEROS_SA-2023-1315.NASL", "EULEROS_SA-2023-1503.NASL", "EULEROS_SA-2023-1693.NASL", "EULEROS_SA-2023-1701.NASL", "EULEROS_SA-2023-1713.NASL", "EULEROS_SA-2023-1748.NASL", "EULEROS_SA-2023-2207.NASL", "EULEROS_SA-2023-2220.NASL", "EULEROS_SA-2023-2410.NASL", "F5_BIGIP_SOL19559038.NASL", "F5_BIGIP_SOL24624116.NASL", "F5_BIGIP_SOL48050136.NASL", "FEDORA_2019-18036B898E.NASL", "FEDORA_2019-1A10C04281.NASL", "FEDORA_2019-554C3C691F.NASL", "FEDORA_2019-8641591B3C.NASL", "FEDORA_2019-8FB8240D14.NASL", "FEDORA_2019-97DCB2762A.NASL", "FEDORA_2019-A01751837D.NASL", "FEDORA_2019-A1AF621FAF.NASL", "FEDORA_2020-0477F8840E.NASL", "FEDORA_2020-4355EA258E.NASL", "FEDORA_2020-7EB7EAC270.NASL", "FEDORA_2020-847AD856AB.NASL", "FEDORA_2020-C83556709C.NASL", "FEDORA_2020-D7ED9F18FF.NASL", "FEDORA_2020-F4F5E49CB8.NASL", "FEDORA_2021-2AB6F060D9.NASL", "FEDORA_2021-662680E477.NASL", "FEDORA_2021-8D52A8A999.NASL", "FEDORA_2021-968F57EC98.NASL", "FEDORA_2021-A1F51FC418.NASL", "FEDORA_2021-A311BF10D4.NASL", "FEDORA_2021-CAB5C9BEFB.NASL", "FREEBSD_PKG_0A305431BC9811EAA051001B217B3468.NASL", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_2F3CD69E7DEE11EBB92E0022489AD614.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL", "FREEBSD_PKG_58D6ED66C2E811EB9FB06451062F0F7A.NASL", "FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL", "FREEBSD_PKG_93A1C9A75BEF11ECA47A001517A2E1A4.NASL", "FREEBSD_PKG_96811D4A04EC11EC9B84D4C9EF517024.NASL", "FREEBSD_PKG_96A21236707B11EB96D8D4C9EF517024.NASL", "FREEBSD_PKG_AA646C01EA0D11EB9B84D4C9EF517024.NASL", "FREEBSD_PKG_ABC3EF3795D411EA900425FADB81ABF4.NASL", "FREEBSD_PKG_B0F49CB9673611EC9EEA589CFC007716.NASL", "FREEBSD_PKG_B1194286958E11EB9C34080027F515EA.NASL", "FREEBSD_PKG_C4AC9C79AB3711EA8B5EB42E99A1B9C3.NASL", "FREEBSD_PKG_F671C28295EF11EB9C34080027F515EA.NASL", "GENTOO_GLSA-202003-08.NASL", "GENTOO_GLSA-202003-16.NASL", "GENTOO_GLSA-202003-24.NASL", "GENTOO_GLSA-202006-13.NASL", "GENTOO_GLSA-202007-26.NASL", "GENTOO_GLSA-202011-05.NASL", "GENTOO_GLSA-202101-28.NASL", "GENTOO_GLSA-202103-03.NASL", "GENTOO_GLSA-202104-04.NASL", "GENTOO_GLSA-202104-06.NASL", "GENTOO_GLSA-202105-16.NASL", "GENTOO_GLSA-202105-35.NASL", "GENTOO_GLSA-202105-36.NASL", "GENTOO_GLSA-202107-07.NASL", "GENTOO_GLSA-202107-13.NASL", "GENTOO_GLSA-202107-43.NASL", "GENTOO_GLSA-202208-24.NASL", "GENTOO_GLSA-202208-32.NASL", "GENTOO_GLSA-202209-02.NASL", "GENTOO_GLSA-202210-02.NASL", "GENTOO_GLSA-202210-09.NASL", "GENTOO_GLSA-202210-13.NASL", "GENTOO_GLSA-202212-01.NASL", "GENTOO_GLSA-202212-05.NASL", "GOOGLE_CHROME_74_0_3729_131.NASL", "GOOGLE_CHROME_79_0_3945_79.NASL", "IBM_COGNOS_6828527.NASL", "IBM_MQ_6382922.NASL", "JUNIPER_JSA11289.NASL", "JUNIPER_JSA11293.NASL", "JUNIPER_JSA69705.NASL", "JUNIPER_JSA69715.NASL", "LCE_6_0_9.NASL", "LOG4J_VULNERABLE_ECOSYSTEM_LAUNCHER.NASL", "MACOSX_GOOGLE_CHROME_74_0_3729_131.NASL", "MACOSX_GOOGLE_CHROME_79_0_3945_79.NASL", "MACOS_HT211931.NASL", "MACOS_HT212147.NASL", "MACOS_HT212529.NASL", "MACOS_HT212804.NASL", "MACOS_HT212805.NASL", "MACOS_SPLUNK_824.NASL", "MARINER_CURL_CVE-2021-22898.NASL", "MARINER_LIBJPEG-TURBO_CVE-2020-17541.NASL", "MOBILEIRON_LOG4SHELL.NBIN", "MYSQL_5_7_34.NASL", "MYSQL_8_0_24.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_24.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_27.NASL", "NEWSTART_CGSL_NS-SA-2021-0113_QT5-QTIMAGEFORMATS.NASL", "NEWSTART_CGSL_NS-SA-2022-0013_LIBX11.NASL", "NEWSTART_CGSL_NS-SA-2022-0016_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2022-0017_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0032_QT5-QTIMAGEFORMATS.NASL", "NEWSTART_CGSL_NS-SA-2022-0042_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2022-0042_LIBX11.NASL", "NEWSTART_CGSL_NS-SA-2022-0067_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2022-0069_GLIB2.NASL", "NEWSTART_CGSL_NS-SA-2022-0076_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0080_NSS.NASL", "NEWSTART_CGSL_NS-SA-2022-0084_LIBTIFF.NASL", "NEWSTART_CGSL_NS-SA-2022-0085_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2022-0086_FILE.NASL", "NEWSTART_CGSL_NS-SA-2022-0087_BINUTILS.NASL", "NEWSTART_CGSL_NS-SA-2022-0088_LIBGCRYPT.NASL", "NEWSTART_CGSL_NS-SA-2022-0089_JSON-C.NASL", "NEWSTART_CGSL_NS-SA-2022-0090_LIBX11.NASL", "NEWSTART_CGSL_NS-SA-2022-0091_LIBWEBP.NASL", "NEWSTART_CGSL_NS-SA-2022-0091_NETTLE.NASL", "NEWSTART_CGSL_NS-SA-2022-0096_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2022-0097_GNUTLS.NASL", "NEWSTART_CGSL_NS-SA-2022-0098_NSS.NASL", "NEWSTART_CGSL_NS-SA-2023-0010_NSS.NASL", "NEWSTART_CGSL_NS-SA-2023-0025_OPENSSL.NASL", "NNM_5_13_1.NASL", "NNM_6_0_0.NASL", "NNM_6_0_1.NASL", "NNM_6_2_2.NASL", "NODEJS_2021_FEB.NASL", "NUTANIX_NXSA-AHV-20201105_2267.NASL", "NUTANIX_NXSA-AHV-20201105_30142.NASL", "NUTANIX_NXSA-AHV-20220304_242.NASL", "NUTANIX_NXSA-AOS-5_20_3.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-6_0_2_5.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "OPENSSL_1_0_2Y.NASL", "OPENSSL_1_0_2ZA.NASL", "OPENSSL_1_1_1J.NASL", "OPENSSL_1_1_1L.NASL", "OPENSUSE-2019-1456.NASL", "OPENSUSE-2019-1666.NASL", "OPENSUSE-2019-2550.NASL", "OPENSUSE-2019-2551.NASL", "OPENSUSE-2019-2692.NASL", "OPENSUSE-2020-2240.NASL", "OPENSUSE-2020-2298.NASL", "OPENSUSE-2020-677.NASL", "OPENSUSE-2021-1058.NASL", "OPENSUSE-2021-1088.NASL", "OPENSUSE-2021-1130.NASL", "OPENSUSE-2021-1188.NASL", "OPENSUSE-2021-1189.NASL", "OPENSUSE-2021-1248.NASL", "OPENSUSE-2021-1261.NASL", "OPENSUSE-2021-1366.NASL", "OPENSUSE-2021-1371.NASL", "OPENSUSE-2021-1374.NASL", "OPENSUSE-2021-1441.NASL", "OPENSUSE-2021-1577.NASL", "OPENSUSE-2021-1586.NASL", "OPENSUSE-2021-1598.NASL", "OPENSUSE-2021-1601.NASL", "OPENSUSE-2021-1612.NASL", "OPENSUSE-2021-1613.NASL", "OPENSUSE-2021-1631.NASL", "OPENSUSE-2021-1762.NASL", "OPENSUSE-2021-1860.NASL", "OPENSUSE-2021-1897.NASL", "OPENSUSE-2021-1958.NASL", "OPENSUSE-2021-2143.NASL", "OPENSUSE-2021-2157.NASL", "OPENSUSE-2021-2196.NASL", "OPENSUSE-2021-2320.NASL", "OPENSUSE-2021-2439.NASL", "OPENSUSE-2021-2575.NASL", "OPENSUSE-2021-2637.NASL", "OPENSUSE-2021-2682.NASL", "OPENSUSE-2021-2685.NASL", "OPENSUSE-2021-2795.NASL", "OPENSUSE-2021-2827.NASL", "OPENSUSE-2021-2830.NASL", "OPENSUSE-2021-2966.NASL", "OPENSUSE-2021-2994.NASL", "OPENSUSE-2021-3291.NASL", "OPENSUSE-2021-3354.NASL", "OPENSUSE-2021-3529.NASL", "OPENSUSE-2021-357.NASL", "OPENSUSE-2021-372.NASL", "OPENSUSE-2021-3934.NASL", "OPENSUSE-2021-3999.NASL", "OPENSUSE-2021-4001.NASL", "OPENSUSE-2021-4002.NASL", "OPENSUSE-2021-4094.NASL", "OPENSUSE-2021-4104.NASL", "OPENSUSE-2021-4107.NASL", "OPENSUSE-2021-4109.NASL", "OPENSUSE-2021-4111.NASL", "OPENSUSE-2021-4112.NASL", "OPENSUSE-2021-427.NASL", "OPENSUSE-2021-430.NASL", "OPENSUSE-2021-470.NASL", "OPENSUSE-2021-510.NASL", "OPENSUSE-2021-807.NASL", "OPENSUSE-2021-808.NASL", "OPENSUSE-2021-857.NASL", "OPENSUSE-2021-892.NASL", "OPENSUSE-2021-906.NASL", "OPENSUSE-2021-919.NASL", "OPENSUSE-2021-962.NASL", "OPENSUSE-2022-0038-1.NASL", "OPENSUSE-2022-0064-1.NASL", "OPENSUSE-2022-0184-1.NASL", "OPENSUSE-2022-0480-1.NASL", "OPENSUSE-2022-0736-1.NASL", "OPENSUSE-2022-0942-1.NASL", "OPENSUSE-2022-1091-1.NASL", "ORACLELINUX_ELSA-2021-2328.NASL", "ORACLELINUX_ELSA-2021-3296.NASL", "ORACLELINUX_ELSA-2021-3798.NASL", "ORACLELINUX_ELSA-2021-4033.NASL", "ORACLELINUX_ELSA-2021-4160.NASL", "ORACLELINUX_ELSA-2021-4162.NASL", "ORACLELINUX_ELSA-2021-4231.NASL", "ORACLELINUX_ELSA-2021-4241.NASL", "ORACLELINUX_ELSA-2021-4288.NASL", "ORACLELINUX_ELSA-2021-4326.NASL", "ORACLELINUX_ELSA-2021-4358.NASL", "ORACLELINUX_ELSA-2021-4368.NASL", "ORACLELINUX_ELSA-2021-4373.NASL", "ORACLELINUX_ELSA-2021-4374.NASL", "ORACLELINUX_ELSA-2021-4382.NASL", "ORACLELINUX_ELSA-2021-4385.NASL", "ORACLELINUX_ELSA-2021-4386.NASL", "ORACLELINUX_ELSA-2021-4387.NASL", "ORACLELINUX_ELSA-2021-4396.NASL", "ORACLELINUX_ELSA-2021-4399.NASL", "ORACLELINUX_ELSA-2021-4408.NASL", "ORACLELINUX_ELSA-2021-4409.NASL", "ORACLELINUX_ELSA-2021-4424.NASL", "ORACLELINUX_ELSA-2021-4426.NASL", "ORACLELINUX_ELSA-2021-4451.NASL", "ORACLELINUX_ELSA-2021-4455.NASL", "ORACLELINUX_ELSA-2021-4464.NASL", "ORACLELINUX_ELSA-2021-4489.NASL", "ORACLELINUX_ELSA-2021-4510.NASL", "ORACLELINUX_ELSA-2021-4511.NASL", "ORACLELINUX_ELSA-2021-4513.NASL", "ORACLELINUX_ELSA-2021-4517.NASL", "ORACLELINUX_ELSA-2021-4585.NASL", "ORACLELINUX_ELSA-2021-4586.NASL", "ORACLELINUX_ELSA-2021-4587.NASL", "ORACLELINUX_ELSA-2021-4590.NASL", "ORACLELINUX_ELSA-2021-4591.NASL", "ORACLELINUX_ELSA-2021-4592.NASL", "ORACLELINUX_ELSA-2021-4593.NASL", "ORACLELINUX_ELSA-2021-4594.NASL", "ORACLELINUX_ELSA-2021-4595.NASL", "ORACLELINUX_ELSA-2021-4649.NASL", "ORACLELINUX_ELSA-2021-4743.NASL", "ORACLELINUX_ELSA-2021-4903.NASL", "ORACLELINUX_ELSA-2021-4904.NASL", "ORACLELINUX_ELSA-2021-5206.NASL", "ORACLELINUX_ELSA-2021-5226.NASL", "ORACLELINUX_ELSA-2021-9478.NASL", "ORACLELINUX_ELSA-2021-9528.NASL", "ORACLELINUX_ELSA-2021-9560.NASL", "ORACLELINUX_ELSA-2021-9561.NASL", "ORACLELINUX_ELSA-2021-9562.NASL", "ORACLELINUX_ELSA-2021-9591.NASL", "ORACLELINUX_ELSA-2021-9632.NASL", "ORACLELINUX_ELSA-2022-0064.NASL", "ORACLELINUX_ELSA-2022-0290.NASL", "ORACLELINUX_ELSA-2022-8418.NASL", "ORACLELINUX_ELSA-2022-9017.NASL", "ORACLELINUX_ELSA-2022-9023.NASL", "ORACLELINUX_ELSA-2022-9056.NASL", "ORACLELINUX_ELSA-2022-9221.NASL", "ORACLELINUX_ELSA-2022-9263.NASL", "ORACLELINUX_ELSA-2023-12349.NASL", "ORACLEVM_OVMSA-2021-0040.NASL", "ORACLE_COHERENCE_CPU_APR_2022.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JAN_2022.NASL", "ORACLE_MYSQL_WORKBENCH_8_0_27.NASL", "ORACLE_NOSQL_CPU_APR_2021.NASL", "ORACLE_NOSQL_CPU_OCT_2021.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2021.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2022.NASL", "PALO_ALTO_LOG4SHELL.NASL", "PFSENSE_2_4_5_P1.NASL", "PHOTONOS_PHSA-2019-2_0-0187_FILE.NASL", "PHOTONOS_PHSA-2019-2_0-0198_SQLITE.NASL", "PHOTONOS_PHSA-2020-1_0-0264_SQLITE.NASL", "PHOTONOS_PHSA-2020-1_0-0281_NCURSES.NASL", "PHOTONOS_PHSA-2020-1_0-0298_JSON.NASL", "PHOTONOS_PHSA-2020-1_0-0298_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0249_JSON.NASL", "PHOTONOS_PHSA-2020-2_0-0249_SQLITE.NASL", "PHOTONOS_PHSA-2020-2_0-0256_PCRE.NASL", "PHOTONOS_PHSA-2020-3_0-0101_SQLITE.NASL", "PHOTONOS_PHSA-2020-3_0-0108_PCRE.NASL", "PHOTONOS_PHSA-2021-1_0-0366_OPENSSL.NASL", "PHOTONOS_PHSA-2021-1_0-0376_GLIB.NASL", "PHOTONOS_PHSA-2021-1_0-0377_CURL.NASL", "PHOTONOS_PHSA-2021-1_0-0391_GNUTLS.NASL", "PHOTONOS_PHSA-2021-1_0-0393_CURL.NASL", "PHOTONOS_PHSA-2021-1_0-0396_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-1_0-0401_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0404_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-1_0-0414_RPM.NASL", "PHOTONOS_PHSA-2021-1_0-0417_CURL.NASL", "PHOTONOS_PHSA-2021-1_0-0422_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0426_NETTLE.NASL", "PHOTONOS_PHSA-2021-1_0-0428_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0429_OPENSSL.NASL", "PHOTONOS_PHSA-2021-1_0-0435_LIBSEPOL.NASL", "PHOTONOS_PHSA-2021-1_0-0454_NSS.NASL", "PHOTONOS_PHSA-2021-2_0-0332_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-2_0-0333_GLIB.NASL", "PHOTONOS_PHSA-2021-2_0-0334_CURL.NASL", "PHOTONOS_PHSA-2021-2_0-0349_CURL.NASL", "PHOTONOS_PHSA-2021-2_0-0349_GNUTLS.NASL", "PHOTONOS_PHSA-2021-2_0-0351_LIBWEBP.NASL", "PHOTONOS_PHSA-2021-2_0-0354_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0355_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-2_0-0358_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-2_0-0358_ZOOKEEPER.NASL", "PHOTONOS_PHSA-2021-2_0-0372_CURL.NASL", "PHOTONOS_PHSA-2021-2_0-0377_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0380_NETTLE.NASL", "PHOTONOS_PHSA-2021-2_0-0383_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0383_NXTGN.NASL", "PHOTONOS_PHSA-2021-2_0-0383_OPENSSL.NASL", "PHOTONOS_PHSA-2021-2_0-0394_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-2_0-0395_LIBSEPOL.NASL", "PHOTONOS_PHSA-2021-2_0-0400_VIM.NASL", "PHOTONOS_PHSA-2021-2_0-0403_VIM.NASL", "PHOTONOS_PHSA-2021-2_0-0418_NSS.NASL", "PHOTONOS_PHSA-2021-3_0-0210_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-3_0-0213_GLIB.NASL", "PHOTONOS_PHSA-2021-3_0-0215_CURL.NASL", "PHOTONOS_PHSA-2021-3_0-0241_GNUTLS.NASL", "PHOTONOS_PHSA-2021-3_0-0241_RPM.NASL", "PHOTONOS_PHSA-2021-3_0-0243_CURL.NASL", "PHOTONOS_PHSA-2021-3_0-0244_LIBWEBP.NASL", "PHOTONOS_PHSA-2021-3_0-0251_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0253_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-3_0-0254_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-3_0-0254_ZOOKEEPER.NASL", "PHOTONOS_PHSA-2021-3_0-0257_LIBGCRYPT.NASL", "PHOTONOS_PHSA-2021-3_0-0273_CURL.NASL", "PHOTONOS_PHSA-2021-3_0-0281_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0286_NETTLE.NASL", "PHOTONOS_PHSA-2021-3_0-0290_NXTGN.NASL", "PHOTONOS_PHSA-2021-3_0-0290_OPENSSL.NASL", "PHOTONOS_PHSA-2021-3_0-0295_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0303_LIBSEPOL.NASL", "PHOTONOS_PHSA-2021-3_0-0303_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-3_0-0309_VIM.NASL", "PHOTONOS_PHSA-2021-3_0-0312_VIM.NASL", "PHOTONOS_PHSA-2021-3_0-0324_RUST.NASL", "PHOTONOS_PHSA-2021-3_0-0337_NSS.NASL", "PHOTONOS_PHSA-2021-4_0-0007_CURL.NASL", "PHOTONOS_PHSA-2021-4_0-0007_GLIB.NASL", "PHOTONOS_PHSA-2021-4_0-0007_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-4_0-0007_OPENSSL.NASL", "PHOTONOS_PHSA-2021-4_0-0030_RPM.NASL", "PHOTONOS_PHSA-2021-4_0-0033_CURL.NASL", "PHOTONOS_PHSA-2021-4_0-0035_GNUTLS.NASL", "PHOTONOS_PHSA-2021-4_0-0043_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-4_0-0048_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-4_0-0051_LIBGCRYPT.NASL", "PHOTONOS_PHSA-2021-4_0-0069_CURL.NASL", "PHOTONOS_PHSA-2021-4_0-0077_GLIBC.NASL", "PHOTONOS_PHSA-2021-4_0-0083_NETTLE.NASL", "PHOTONOS_PHSA-2021-4_0-0094_OPENSSL.NASL", "PHOTONOS_PHSA-2021-4_0-0095_GLIBC.NASL", "PHOTONOS_PHSA-2021-4_0-0110_VIM.NASL", "PHOTONOS_PHSA-2021-4_0-0113_VIM.NASL", "PHOTONOS_PHSA-2021-4_0-0122_RUST.NASL", "PHOTONOS_PHSA-2021-4_0-0135_NSS.NASL", "PHOTONOS_PHSA-2022-3_0-0349_PYTHON3.NASL", "PYTHON_3_10_0A7.NASL", "PYTHON_PYDOC_ID.NBIN", "QNAP_QTS_QUTS_HERO_QSA-21-40.NASL", "REDHAT-RHSA-2019-1243.NASL", "REDHAT-RHSA-2019-4238.NASL", "REDHAT-RHSA-2021-1511.NASL", "REDHAT-RHSA-2021-2328.NASL", "REDHAT-RHSA-2021-2472.NASL", "REDHAT-RHSA-2021-2692.NASL", "REDHAT-RHSA-2021-2693.NASL", "REDHAT-RHSA-2021-2694.NASL", "REDHAT-RHSA-2021-3254.NASL", "REDHAT-RHSA-2021-3296.NASL", "REDHAT-RHSA-2021-3477.NASL", "REDHAT-RHSA-2021-3656.NASL", "REDHAT-RHSA-2021-3658.NASL", "REDHAT-RHSA-2021-3798.NASL", "REDHAT-RHSA-2021-4033.NASL", "REDHAT-RHSA-2021-4034.NASL", "REDHAT-RHSA-2021-4035.NASL", "REDHAT-RHSA-2021-4036.NASL", "REDHAT-RHSA-2021-4037.NASL", "REDHAT-RHSA-2021-4038.NASL", "REDHAT-RHSA-2021-4039.NASL", "REDHAT-RHSA-2021-4160.NASL", "REDHAT-RHSA-2021-4162.NASL", "REDHAT-RHSA-2021-4172.NASL", "REDHAT-RHSA-2021-4198.NASL", "REDHAT-RHSA-2021-4231.NASL", "REDHAT-RHSA-2021-4241.NASL", "REDHAT-RHSA-2021-4288.NASL", "REDHAT-RHSA-2021-4326.NASL", "REDHAT-RHSA-2021-4358.NASL", "REDHAT-RHSA-2021-4368.NASL", "REDHAT-RHSA-2021-4373.NASL", "REDHAT-RHSA-2021-4374.NASL", "REDHAT-RHSA-2021-4382.NASL", "REDHAT-RHSA-2021-4385.NASL", "REDHAT-RHSA-2021-4386.NASL", "REDHAT-RHSA-2021-4387.NASL", "REDHAT-RHSA-2021-4396.NASL", "REDHAT-RHSA-2021-4399.NASL", "REDHAT-RHSA-2021-4408.NASL", "REDHAT-RHSA-2021-4409.NASL", "REDHAT-RHSA-2021-4424.NASL", "REDHAT-RHSA-2021-4426.NASL", "REDHAT-RHSA-2021-4451.NASL", "REDHAT-RHSA-2021-4455.NASL", "REDHAT-RHSA-2021-4464.NASL", "REDHAT-RHSA-2021-4489.NASL", "REDHAT-RHSA-2021-4510.NASL", "REDHAT-RHSA-2021-4511.NASL", "REDHAT-RHSA-2021-4513.NASL", "REDHAT-RHSA-2021-4517.NASL", "REDHAT-RHSA-2021-4585.NASL", "REDHAT-RHSA-2021-4586.NASL", "REDHAT-RHSA-2021-4587.NASL", "REDHAT-RHSA-2021-4588.NASL", "REDHAT-RHSA-2021-4589.NASL", "REDHAT-RHSA-2021-4590.NASL", "REDHAT-RHSA-2021-4591.NASL", "REDHAT-RHSA-2021-4592.NASL", "REDHAT-RHSA-2021-4593.NASL", "REDHAT-RHSA-2021-4594.NASL", "REDHAT-RHSA-2021-4595.NASL", "REDHAT-RHSA-2021-4596.NASL", "REDHAT-RHSA-2021-4598.NASL", "REDHAT-RHSA-2021-4599.NASL", "REDHAT-RHSA-2021-4600.NASL", "REDHAT-RHSA-2021-4601.NASL", "REDHAT-RHSA-2021-4602.NASL", "REDHAT-RHSA-2021-4614.NASL", "REDHAT-RHSA-2021-4649.NASL", "REDHAT-RHSA-2021-4669.NASL", "REDHAT-RHSA-2021-4694.NASL", "REDHAT-RHSA-2021-4723.NASL", "REDHAT-RHSA-2021-4724.NASL", "REDHAT-RHSA-2021-4729.NASL", "REDHAT-RHSA-2021-4730.NASL", "REDHAT-RHSA-2021-4743.NASL", "REDHAT-RHSA-2021-4750.NASL", "REDHAT-RHSA-2021-4861.NASL", "REDHAT-RHSA-2021-4903.NASL", "REDHAT-RHSA-2021-4904.NASL", "REDHAT-RHSA-2021-4907.NASL", "REDHAT-RHSA-2021-4909.NASL", "REDHAT-RHSA-2021-4919.NASL", "REDHAT-RHSA-2021-4932.NASL", "REDHAT-RHSA-2021-4933.NASL", "REDHAT-RHSA-2021-4946.NASL", "REDHAT-RHSA-2021-4953.NASL", "REDHAT-RHSA-2021-4954.NASL", "REDHAT-RHSA-2021-4969.NASL", "REDHAT-RHSA-2021-4994.NASL", "REDHAT-RHSA-2021-5006.NASL", "REDHAT-RHSA-2021-5035.NASL", "REDHAT-RHSA-2021-5226.NASL", "REDHAT-RHSA-2022-0064.NASL", "REDHAT-RHSA-2022-1296.NASL", "REDHAT-RHSA-2022-1297.NASL", "REDHAT-RHSA-2022-1354.NASL", "REDHAT-RHSA-2022-4918.NASL", "REDHAT-RHSA-2022-4919.NASL", "REDHAT-RHSA-2022-8418.NASL", "ROCKY_LINUX_RLSA-2021-4358.NASL", "ROCKY_LINUX_RLSA-2021-4409.NASL", "ROCKY_LINUX_RLSA-2021-4451.NASL", "ROCKY_LINUX_RLSA-2021-4511.NASL", "ROCKY_LINUX_RLSA-2021-4517.NASL", "ROCKY_LINUX_RLSA-2021-4903.NASL", "ROCKY_LINUX_RLSA-2021-5226.NASL", "SECURITYCENTER_5_19_0_TNS_2021_08.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SECURITYCENTER_OPENSSL_1_1_1J_TNS_2021_03.NASL", "SECURITYCENTER_OPENSSL_1_1_1L_TNS_2021_16.NASL", "SLACKWARE_SSA_2021-090-01.NASL", "SLACKWARE_SSA_2021-139-01.NASL", "SLACKWARE_SSA_2021-202-02.NASL", "SLACKWARE_SSA_2021-337-01.NASL", "SLACKWARE_SSA_2023-006-01.NASL", "SL_20210609_QT5_QTIMAGEFORMATS_ON_SL7_X.NASL", "SL_20210831_LIBX11_ON_SL7_X.NASL", "SL_20211102_BINUTILS_ON_SL7_X.NASL", "SL_20211202_NSS_ON_SL7_X.NASL", "SL_20220112_OPENSSL_ON_SL7_X.NASL", "SOLARIS_JUL2021_SRU11_3_36_26_0.NASL", "SOLR_CVE-2021-44228.NASL", "SPLUNK_824.NASL", "SUSE_SU-2019-2997-1.NASL", "SUSE_SU-2019-3094-1.NASL", "SUSE_SU-2020-1294-1.NASL", "SUSE_SU-2020-3736-1.NASL", "SUSE_SU-2020-3844-1.NASL", "SUSE_SU-2020-3866-1.NASL", "SUSE_SU-2020-3882-1.NASL", "SUSE_SU-2021-0022-1.NASL", "SUSE_SU-2021-0649-1.NASL", "SUSE_SU-2021-0651-1.NASL", "SUSE_SU-2021-0673-1.NASL", "SUSE_SU-2021-0674-1.NASL", "SUSE_SU-2021-0725-1.NASL", "SUSE_SU-2021-0752-1.NASL", "SUSE_SU-2021-0753-1.NASL", "SUSE_SU-2021-0754-1.NASL", "SUSE_SU-2021-0755-1.NASL", "SUSE_SU-2021-0769-1.NASL", "SUSE_SU-2021-0793-1.NASL", "SUSE_SU-2021-0934-1.NASL", "SUSE_SU-2021-0935-1.NASL", "SUSE_SU-2021-0939-1.NASL", "SUSE_SU-2021-1006-1.NASL", "SUSE_SU-2021-1396-1.NASL", "SUSE_SU-2021-14667-1.NASL", "SUSE_SU-2021-14670-1.NASL", "SUSE_SU-2021-14707-1.NASL", "SUSE_SU-2021-14735-1.NASL", "SUSE_SU-2021-14748-1.NASL", "SUSE_SU-2021-14751-1.NASL", "SUSE_SU-2021-14760-1.NASL", "SUSE_SU-2021-14768-1.NASL", "SUSE_SU-2021-14791-1.NASL", "SUSE_SU-2021-14792-1.NASL", "SUSE_SU-2021-14801-1.NASL", "SUSE_SU-2021-14802-1.NASL", "SUSE_SU-2021-14822-1.NASL", "SUSE_SU-2021-14858-1.NASL", "SUSE_SU-2021-14866-1.NASL", "SUSE_SU-2021-1490-1.NASL", "SUSE_SU-2021-1557-1.NASL", "SUSE_SU-2021-1762-1.NASL", "SUSE_SU-2021-1763-1.NASL", "SUSE_SU-2021-1765-1.NASL", "SUSE_SU-2021-1766-1.NASL", "SUSE_SU-2021-1786-1.NASL", "SUSE_SU-2021-1809-1.NASL", "SUSE_SU-2021-1830-1.NASL", "SUSE_SU-2021-1860-1.NASL", "SUSE_SU-2021-1892-1.NASL", "SUSE_SU-2021-1897-1.NASL", "SUSE_SU-2021-1957-1.NASL", "SUSE_SU-2021-1958-1.NASL", "SUSE_SU-2021-2135-1.NASL", "SUSE_SU-2021-2143-1.NASL", "SUSE_SU-2021-2145-1.NASL", "SUSE_SU-2021-2155-1.NASL", "SUSE_SU-2021-2156-1.NASL", "SUSE_SU-2021-2157-1.NASL", "SUSE_SU-2021-2180-1.NASL", "SUSE_SU-2021-2196-1.NASL", "SUSE_SU-2021-2320-1.NASL", "SUSE_SU-2021-2425-1.NASL", "SUSE_SU-2021-2439-1.NASL", "SUSE_SU-2021-2440-1.NASL", "SUSE_SU-2021-2462-1.NASL", "SUSE_SU-2021-2480-1.NASL", "SUSE_SU-2021-2682-1.NASL", "SUSE_SU-2021-2825-1.NASL", "SUSE_SU-2021-2826-1.NASL", "SUSE_SU-2021-2827-1.NASL", "SUSE_SU-2021-2829-1.NASL", "SUSE_SU-2021-2830-1.NASL", "SUSE_SU-2021-2831-1.NASL", "SUSE_SU-2021-2833-1.NASL", "SUSE_SU-2021-2852-1.NASL", "SUSE_SU-2021-2930-1.NASL", "SUSE_SU-2021-2966-1.NASL", "SUSE_SU-2021-2967-1.NASL", "SUSE_SU-2021-2968-1.NASL", "SUSE_SU-2021-2994-1.NASL", "SUSE_SU-2021-2995-1.NASL", "SUSE_SU-2021-2996-1.NASL", "SUSE_SU-2021-3019-1.NASL", "SUSE_SU-2021-3144-1.NASL", "SUSE_SU-2021-3215-1.NASL", "SUSE_SU-2021-3289-1.NASL", "SUSE_SU-2021-3290-1.NASL", "SUSE_SU-2021-3291-1.NASL", "SUSE_SU-2021-3333-1.NASL", "SUSE_SU-2021-3354-1.NASL", "SUSE_SU-2021-3385-1.NASL", "SUSE_SU-2021-3444-1.NASL", "SUSE_SU-2021-3486-1.NASL", "SUSE_SU-2021-3529-1.NASL", "SUSE_SU-2021-3652-1.NASL", "SUSE_SU-2021-3934-1.NASL", "SUSE_SU-2021-3939-1.NASL", "SUSE_SU-2021-4001-1.NASL", "SUSE_SU-2021-4002-1.NASL", "SUSE_SU-2021-4015-1.NASL", "SUSE_SU-2021-4015-2.NASL", "SUSE_SU-2021-4051-1.NASL", "SUSE_SU-2021-4104-1.NASL", "SUSE_SU-2021-4111-1.NASL", "SUSE_SU-2021-4112-1.NASL", "SUSE_SU-2021-4115-1.NASL", "SUSE_SU-2021-4155-1.NASL", "SUSE_SU-2022-0060-1.NASL", "SUSE_SU-2022-0064-1.NASL", "SUSE_SU-2022-0184-1.NASL", "SUSE_SU-2022-0184-2.NASL", "SUSE_SU-2022-0480-1.NASL", "SUSE_SU-2022-0496-1.NASL", "SUSE_SU-2022-0736-1.NASL", "SUSE_SU-2022-0828-1.NASL", "SUSE_SU-2022-0942-1.NASL", "SUSE_SU-2022-1044-1.NASL", "SUSE_SU-2022-1091-1.NASL", "SUSE_SU-2022-1094-1.NASL", "SUSE_SU-2022-1271-1.NASL", "SUSE_SU-2022-1315-1.NASL", "SUSE_SU-2022-1455-1.NASL", "SUSE_SU-2022-1455-2.NASL", "SUSE_SU-2022-1485-1.NASL", "SUSE_SU-2022-14888-1.NASL", "SUSE_SU-2022-1758-1.NASL", "SUSE_SU-2022-1758-2.NASL", "SUSE_SU-2022-2102-1.NASL", "SUSE_SU-2022-2351-1.NASL", "SUSE_SU-2022-2536-1.NASL", "SUSE_SU-2022-3001-1.NASL", "SUSE_SU-2022-3939-1.NASL", "SUSE_SU-2022-4619-1.NASL", "SUSE_SU-2023-2135-1.NASL", "TENABLE_NESSUS_AGENT_TNS_2021_04.NASL", "UBIQUITI_UNIFI_NETWORK_LOG4SHELL.NBIN", "UBUNTU_USN-4172-1.NASL", "UBUNTU_USN-4205-1.NASL", "UBUNTU_USN-4298-1.NASL", "UBUNTU_USN-4360-1.NASL", "UBUNTU_USN-4360-4.NASL", "UBUNTU_USN-4394-1.NASL", "UBUNTU_USN-4447-1.NASL", "UBUNTU_USN-4738-1.NASL", "UBUNTU_USN-4755-1.NASL", "UBUNTU_USN-4764-1.NASL", "UBUNTU_USN-4898-1.NASL", "UBUNTU_USN-4966-1.NASL", "UBUNTU_USN-4966-2.NASL", "UBUNTU_USN-4971-1.NASL", "UBUNTU_USN-4971-2.NASL", "UBUNTU_USN-4990-1.NASL", "UBUNTU_USN-5021-1.NASL", "UBUNTU_USN-5021-2.NASL", "UBUNTU_USN-5029-1.NASL", "UBUNTU_USN-5051-1.NASL", "UBUNTU_USN-5051-2.NASL", "UBUNTU_USN-5051-3.NASL", "UBUNTU_USN-5080-1.NASL", "UBUNTU_USN-5080-2.NASL", "UBUNTU_USN-5088-1.NASL", "UBUNTU_USN-5093-1.NASL", "UBUNTU_USN-5168-1.NASL", "UBUNTU_USN-5168-2.NASL", "UBUNTU_USN-5168-3.NASL", "UBUNTU_USN-5168-4.NASL", "UBUNTU_USN-5189-1.NASL", "UBUNTU_USN-5192-1.NASL", "UBUNTU_USN-5192-2.NASL", "UBUNTU_USN-5197-1.NASL", "UBUNTU_USN-5223-1.NASL", "UBUNTU_USN-5241-1.NASL", "UBUNTU_USN-5310-1.NASL", "UBUNTU_USN-5342-1.NASL", "UBUNTU_USN-5391-1.NASL", "UBUNTU_USN-5421-1.NASL", "UBUNTU_USN-5425-1.NASL", "UBUNTU_USN-5477-1.NASL", "UBUNTU_USN-5553-1.NASL", "UBUNTU_USN-5631-1.NASL", "UBUNTU_USN-5699-1.NASL", "UBUNTU_USN-5841-1.NASL", "UBUNTU_USN-5894-1.NASL", "UBUNTU_USN-6049-1.NASL", "UBUNTU_USN-6099-1.NASL", "VMWARE_HORIZON_LOG4SHELL.NBIN", "VMWARE_VCENTER_LOG4SHELL.NBIN", "VMWARE_VREALIZE_OPERATIONS_MANAGER_LOG4SHELL.NBIN"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:FEBRUARY-2021-SECURITY-RELEASES"]}, {"type": "nvidia", "idList": ["NVIDIA:5294", "NVIDIA:5295"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2021-23840", "OPENSSL:CVE-2021-23841", "OPENSSL:CVE-2021-3712"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704500", "OPENVAS:1361412562310704550", "OPENVAS:1361412562310704606", "OPENVAS:1361412562310815042", "OPENVAS:1361412562310815043", "OPENVAS:1361412562310815044", "OPENVAS:1361412562310815871", "OPENVAS:1361412562310815872", "OPENVAS:1361412562310815873", "OPENVAS:1361412562310844220", "OPENVAS:1361412562310844254", "OPENVAS:1361412562310844360", "OPENVAS:1361412562310844431", "OPENVAS:1361412562310844449", "OPENVAS:1361412562310844467", "OPENVAS:1361412562310852519", "OPENVAS:1361412562310852598", "OPENVAS:1361412562310852783", "OPENVAS:1361412562310852858", "OPENVAS:1361412562310852924", "OPENVAS:1361412562310853169", "OPENVAS:1361412562310876388", "OPENVAS:1361412562310876455", "OPENVAS:1361412562310876549", "OPENVAS:1361412562310876604", "OPENVAS:1361412562310876614", "OPENVAS:1361412562310876645", "OPENVAS:1361412562310876960", "OPENVAS:1361412562310876983", "OPENVAS:1361412562310877072", "OPENVAS:1361412562310877218", "OPENVAS:1361412562310877318", "OPENVAS:1361412562310877374", "OPENVAS:1361412562310877842", "OPENVAS:1361412562310877880", "OPENVAS:1361412562310877901", "OPENVAS:1361412562310877945", "OPENVAS:1361412562310891969", "OPENVAS:1361412562310892228", "OPENVAS:1361412562310892261", "OPENVAS:1361412562311220192278", "OPENVAS:1361412562311220192292", "OPENVAS:1361412562311220192420", "OPENVAS:1361412562311220192449", "OPENVAS:1361412562311220192525", "OPENVAS:1361412562311220192544", "OPENVAS:1361412562311220192634", "OPENVAS:1361412562311220201052", "OPENVAS:1361412562311220201064", "OPENVAS:1361412562311220201142", "OPENVAS:1361412562311220201201", "OPENVAS:1361412562311220201206", "OPENVAS:1361412562311220201381", "OPENVAS:1361412562311220201582", "OPENVAS:1361412562311220201605", "OPENVAS:1361412562311220201680", "OPENVAS:1361412562311220201693", "OPENVAS:1361412562311220201705", "OPENVAS:1361412562311220201732", "OPENVAS:1361412562311220201733", "OPENVAS:1361412562311220201778"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2022", "ORACLE:CPUJUL2023", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2328", "ELSA-2021-3296", "ELSA-2021-3798", "ELSA-2021-4033", "ELSA-2021-4160", "ELSA-2021-4162", "ELSA-2021-4231", "ELSA-2021-4241", "ELSA-2021-4288", "ELSA-2021-4326", "ELSA-2021-4358", "ELSA-2021-4368", "ELSA-2021-4373", "ELSA-2021-4374", "ELSA-2021-4382", "ELSA-2021-4385", "ELSA-2021-4386", "ELSA-2021-4387", "ELSA-2021-4396", "ELSA-2021-4399", "ELSA-2021-4408", "ELSA-2021-4409", "ELSA-2021-4424", "ELSA-2021-4426", "ELSA-2021-4451", "ELSA-2021-4455", "ELSA-2021-4464", "ELSA-2021-4489", "ELSA-2021-4510", "ELSA-2021-4511", "ELSA-2021-4513", "ELSA-2021-4517", "ELSA-2021-4585", "ELSA-2021-4586", "ELSA-2021-4587", "ELSA-2021-4590", "ELSA-2021-4591", "ELSA-2021-4592", "ELSA-2021-4593", "ELSA-2021-4594", "ELSA-2021-4595", "ELSA-2021-4649", "ELSA-2021-4743", "ELSA-2021-4903", "ELSA-2021-4904", "ELSA-2021-5226", "ELSA-2021-9478", "ELSA-2021-9528", "ELSA-2021-9560", "ELSA-2021-9561", "ELSA-2021-9562", "ELSA-2021-9591", "ELSA-2021-9632", "ELSA-2022-0064", "ELSA-2022-8418", "ELSA-2022-9017", "ELSA-2022-9023", "ELSA-2022-9221", "ELSA-2022-9263", "ELSA-2023-12349"]}, {"type": "osv", "idList": ["OSV:CVE-2019-18218", "OSV:CVE-2020-12762", "OSV:CVE-2020-14155", "OSV:CVE-2021-22925", "OSV:CVE-2021-23841", "OSV:CVE-2021-28153", "OSV:CVE-2021-33560", "OSV:CVE-2021-3426", "OSV:CVE-2021-3712", "OSV:CVE-2021-3778", "OSV:CVE-2021-3796", "OSV:CVE-2021-43527", "OSV:DLA-1969-1", "OSV:DLA-2228-1", "OSV:DLA-2228-2", "OSV:DLA-2261-1", "OSV:DLA-2303-1", "OSV:DLA-2340-1", "OSV:DLA-2340-2", "OSV:DLA-2381-1", "OSV:DLA-2563-1", "OSV:DLA-2565-1", "OSV:DLA-2619-1", "OSV:DLA-2664-1", "OSV:DLA-2666-1", "OSV:DLA-2677-1", "OSV:DLA-2708-1", "OSV:DLA-2734-1", "OSV:DLA-2760-1", "OSV:DLA-2766-1", "OSV:DLA-2836-1", "OSV:DLA-2842-1", "OSV:DLA-2876-1", "OSV:DLA-2885-1", "OSV:DLA-2895-1", "OSV:DLA-3044-1", "OSV:DLA-3085-1", "OSV:DLA-3110-1", "OSV:DLA-3152-1", "OSV:DLA-3469-1", "OSV:DLA-3477-1", "OSV:DSA-4500-1", "OSV:DSA-4550-1", "OSV:DSA-4606-1", "OSV:DSA-4741-1", "OSV:DSA-4869-1", "OSV:DSA-4881-1", "OSV:DSA-4885-1", "OSV:DSA-4933-1", "OSV:DSA-4963-1", "OSV:DSA-5016-1", "OSV:DSA-5022-1", "OSV:DSA-5316-1", "OSV:GHSA-3QPM-H9CH-PX3C", "OSV:GHSA-5XP3-JFQ3-5Q8X", "OSV:GHSA-7RJR-3Q55-VV33", "OSV:GHSA-84RM-QF37-FGC2", "OSV:GHSA-9VJP-V76F-G363", "OSV:GHSA-F256-J965-7F32", "OSV:GHSA-FP5R-V3W9-4333", "OSV:GHSA-GRG4-WF29-R9VV", "OSV:GHSA-J3CH-VJPH-8Q6V", "OSV:GHSA-J7C3-96RF-JRRP", "OSV:GHSA-JFH8-C2JP-5V3Q", "OSV:GHSA-MF4F-J588-5XM8", "OSV:GHSA-Q9WJ-F4QW-6VFJ", "OSV:GHSA-QGM6-9472-PWQ7", "OSV:GHSA-V57X-GXFJ-484Q", "OSV:PYSEC-2021-437", "OSV:RUSTSEC-2021-0057", "OSV:RUSTSEC-2021-0058", "OSV:RUSTSEC-2021-0098"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162737", "PACKETSTORM:165261", "PACKETSTORM:165270", "PACKETSTORM:165532", "PACKETSTORM:165642", "PACKETSTORM:165673", "PACKETSTORM:167917", "PACKETSTORM:170178", "PACKETSTORM:171626"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44228"]}, {"type": "photon", "idList": ["PHSA-2019-0037", "PHSA-2019-0187", "PHSA-2019-0190", "PHSA-2019-0198", "PHSA-2019-0255", "PHSA-2019-1.0-0255", "PHSA-2019-2.0-0187", "PHSA-2019-2.0-0190", "PHSA-2019-3.0-0037", "PHSA-2020-0047", "PHSA-2020-0049", "PHSA-2020-0093", "PHSA-2020-0101", "PHSA-2020-0108", "PHSA-2020-0249", "PHSA-2020-0256", "PHSA-2020-0264", "PHSA-2020-0281", "PHSA-2020-0298", "PHSA-2020-0305", "PHSA-2020-1.0-0264", "PHSA-2020-1.0-0281", "PHSA-2020-1.0-0298", "PHSA-2020-1.0-0305", "PHSA-2020-2.0-0198", "PHSA-2020-2.0-0249", "PHSA-2020-2.0-0256", "PHSA-2020-3.0-0047", "PHSA-2020-3.0-0049", "PHSA-2020-3.0-0093", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0108", "PHSA-2021-0007", "PHSA-2021-0030", "PHSA-2021-0031", "PHSA-2021-0033", "PHSA-2021-0035", "PHSA-2021-0038", "PHSA-2021-0043", "PHSA-2021-0048", "PHSA-2021-0051", "PHSA-2021-0069", "PHSA-2021-0077", "PHSA-2021-0083", "PHSA-2021-0094", "PHSA-2021-0110", "PHSA-2021-0113", "PHSA-2021-0122", "PHSA-2021-0135", "PHSA-2021-0140", "PHSA-2021-0200", "PHSA-2021-0210", "PHSA-2021-0213", "PHSA-2021-0215", "PHSA-2021-0241", "PHSA-2021-0243", "PHSA-2021-0244", "PHSA-2021-0251", "PHSA-2021-0253", "PHSA-2021-0254", "PHSA-2021-0257", "PHSA-2021-0273", "PHSA-2021-0281", "PHSA-2021-0286", "PHSA-2021-0290", "PHSA-2021-0303", "PHSA-2021-0309", "PHSA-2021-0324", "PHSA-2021-0325", "PHSA-2021-0332", "PHSA-2021-0333", "PHSA-2021-0334", "PHSA-2021-0349", "PHSA-2021-0366", "PHSA-2021-0376", "PHSA-2021-0377", "PHSA-2021-0391", "PHSA-2021-0393", "PHSA-2021-0396", "PHSA-2021-0401", "PHSA-2021-0404", "PHSA-2021-0407", "PHSA-2021-0414", "PHSA-2021-0417", "PHSA-2021-0422", "PHSA-2021-0426", "PHSA-2021-0429", "PHSA-2021-0435", "PHSA-2021-0454", "PHSA-2021-1.0-0366", "PHSA-2021-1.0-0376", "PHSA-2021-1.0-0377", "PHSA-2021-1.0-0391", "PHSA-2021-1.0-0393", "PHSA-2021-1.0-0396", "PHSA-2021-1.0-0401", "PHSA-2021-1.0-0404", "PHSA-2021-1.0-0414", "PHSA-2021-1.0-0417", "PHSA-2021-1.0-0422", "PHSA-2021-1.0-0426", "PHSA-2021-1.0-0429", "PHSA-2021-1.0-0435", "PHSA-2021-1.0-0454", "PHSA-2021-2.0-0325", "PHSA-2021-2.0-0332", "PHSA-2021-2.0-0333", "PHSA-2021-2.0-0334", "PHSA-2021-2.0-0349", "PHSA-2021-2.0-0351", "PHSA-2021-2.0-0354", "PHSA-2021-2.0-0355", "PHSA-2021-2.0-0358", "PHSA-2021-2.0-0372", "PHSA-2021-2.0-0377", "PHSA-2021-2.0-0380", "PHSA-2021-2.0-0383", "PHSA-2021-2.0-0394", "PHSA-2021-2.0-0395", "PHSA-2021-2.0-0400", "PHSA-2021-2.0-0403", "PHSA-2021-2.0-0418", "PHSA-2021-3.0-0200", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0213", "PHSA-2021-3.0-0215", "PHSA-2021-3.0-0241", "PHSA-2021-3.0-0243", "PHSA-2021-3.0-0244", "PHSA-2021-3.0-0251", "PHSA-2021-3.0-0253", "PHSA-2021-3.0-0254", "PHSA-2021-3.0-0257", "PHSA-2021-3.0-0273", "PHSA-2021-3.0-0281", "PHSA-2021-3.0-0286", "PHSA-2021-3.0-0290", "PHSA-2021-3.0-0303", "PHSA-2021-3.0-0309", "PHSA-2021-3.0-0312", "PHSA-2021-3.0-0324", "PHSA-2021-3.0-0337", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0030", "PHSA-2021-4.0-0031", "PHSA-2021-4.0-0033", "PHSA-2021-4.0-0035", "PHSA-2021-4.0-0038", "PHSA-2021-4.0-0043", "PHSA-2021-4.0-0048", "PHSA-2021-4.0-0051", "PHSA-2021-4.0-0069", "PHSA-2021-4.0-0077", "PHSA-2021-4.0-0083", "PHSA-2021-4.0-0094", "PHSA-2021-4.0-0110", "PHSA-2021-4.0-0113", "PHSA-2021-4.0-0122", "PHSA-2021-4.0-0135", "PHSA-2021-4.0-0140", "PHSA-2022-0300", "PHSA-2022-0349", "PHSA-2022-0356", "PHSA-2022-3.0-0349", "PHSA-2022-3.0-0356", "PHSA-2022-3.0-0449", "PHSA-2022-3.0-0507", "PHSA-2022-4.0-0300", "PHSA-2023-3.0-0601", "PHSA-2023-3.0-0603", "PHSA-2023-3.0-0620", "PHSA-2023-4.0-0414", "PHSA-2023-5.0-0036"]}, {"type": "prion", "idList": ["PRION:CVE-2021-20231", "PRION:CVE-2021-20232", "PRION:CVE-2021-20266", "PRION:CVE-2021-21409", "PRION:CVE-2021-22876", "PRION:CVE-2021-22898", "PRION:CVE-2021-22925", "PRION:CVE-2021-23840", "PRION:CVE-2021-23841", "PRION:CVE-2021-27645", "PRION:CVE-2021-28153", "PRION:CVE-2021-3100", "PRION:CVE-2021-31535", "PRION:CVE-2021-3200", "PRION:CVE-2021-33560", "PRION:CVE-2021-33574", "PRION:CVE-2021-3426", "PRION:CVE-2021-3445", "PRION:CVE-2021-3481", "PRION:CVE-2021-3572", "PRION:CVE-2021-3580", "PRION:CVE-2021-35942", "PRION:CVE-2021-36084", "PRION:CVE-2021-36085", "PRION:CVE-2021-36086", "PRION:CVE-2021-36087", "PRION:CVE-2021-3712", "PRION:CVE-2021-37136", "PRION:CVE-2021-37137", "PRION:CVE-2021-3778", "PRION:CVE-2021-3796", "PRION:CVE-2021-3800", "PRION:CVE-2021-38604", "PRION:CVE-2021-4104", "PRION:CVE-2021-4125", "PRION:CVE-2021-42574", "PRION:CVE-2021-43527", "PRION:CVE-2021-43529", "PRION:CVE-2021-44228", "PRION:CVE-2021-44530", "PRION:CVE-2021-45046", "PRION:CVE-2022-0070", "PRION:CVE-2022-0552", "PRION:CVE-2022-23848", "PRION:CVE-2022-33915"]}, {"type": "qt", "idList": ["QT:7EFAEDCED59EA2EE3AB98A0A484C5825"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:0EAB7251347951045CAC549194E33673", "QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A", "QUALYSBLOG:15D6ABF4D9A50D86E63BA4553A0CD3C6", "QUALYSBLOG:1D4C1F32168D08F694C602531AEBC9D9", "QUALYSBLOG:33FD0B08A1B2E414EAA2ADDFCDFE0EB1", "QUALYSBLOG:3F1898282AF38991E0B849D7A68D2A2B", "QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F", "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "QUALYSBLOG:5059D1C3913FB6542F3283A66F9B3A43", "QUALYSBLOG:5F3A665821FA30373004EC52F5104E15", "QUALYSBLOG:5FAC1C82A388DBB84ECD7CD43450B624", "QUALYSBLOG:68BBBF644900DA0A883AABB0E4E3F28B", "QUALYSBLOG:6C71B912ABF74BE51F014EC90669CF30", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:C2ECE416E32C6CC230B13471D41A4E03", "QUALYSBLOG:C3C14B989683A02C2C9A98CE918FBC3C", "QUALYSBLOG:CAF5B766E6B0E6C1A5ADF56D442E7BB2", "QUALYSBLOG:D38E3F9D341C222CBFEA0B99AD50C439", "QUALYSBLOG:F55CD820063DB6DC3B7A1C8CAE16FC6B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:02EDDA927928C11A6D10A4A0D17823AF", "RAPID7BLOG:0576BE6110654A3F9BF7B9DE1118A10A", "RAPID7BLOG:078D5EE222682A75AE1A1A3A3684E38D", "RAPID7BLOG:0C5C51ED53983B92C7C9805E820366C9", "RAPID7BLOG:18CF89AA3B9772E6A572177134F45F3A", "RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6", "RAPID7BLOG:1D39E7BBA13704DCBB8153C89ABE6B72", "RAPID7BLOG:24E0BE5176F6D3963E1824AD4A55019E", "RAPID7BLOG:2FC92FBE5A4445611C80C7C3FA7D9354", "RAPID7BLOG:2FFDE45F01FA44216BE91DD7AFA0D060", "RAPID7BLOG:45B045D2EE21432DF9939E4402522BFC", "RAPID7BLOG:4CDB288231FA4BF52C0067D9D4FEABBF", "RAPID7BLOG:602109CBDD808C41E4DDC9FBC55E144D", "RAPID7BLOG:6EADCD983283E3D546EF2907978E95F1", "RAPID7BLOG:6F833E0DB9E152EB8397D33430FECB7F", "RAPID7BLOG:7767347A5784FF1C4901601A1A21D2C8", "RAPID7BLOG:7F1312E79E0925118565C90443170051", "RAPID7BLOG:9171BB636F16B6AC97B939C701ABE971", "RAPID7BLOG:97E3CA7ED938F3DF6E967C832F314FA3", "RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46", "RAPID7BLOG:AB5C0BC130F45073226CC41D25680EA0", "RAPID7BLOG:AF9E6199C63A57B22FAE6AAEDD650D39", "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "RAPID7BLOG:BE60EE9A1ACB3CEE4593041ECAFA8D95", "RAPID7BLOG:C6C1B8357ABD28AEB0F423A0A099098A", "RAPID7BLOG:CB62092B4C7E70876CF276BA04DD7597", "RAPID7BLOG:D185BF677E20E357AFE422CFB80809A5", "RAPID7BLOG:D1E1A150733F5AFC2C704DB26E7EAB30", "RAPID7BLOG:E3D08ECAA9A93569D5544F4D6AAEEB74", "RAPID7BLOG:E43819A7DE1DD0F60E63E67A27B9301B", "RAPID7BLOG:ED80467D2D29D8DC10E754C9EA19D9AD", "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49", "RAPID7BLOG:F14E17E573386DB3DDD27A8E829E49A1", "RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E", "RAPID7BLOG:F76EF7D6AB9EB07FC8B8BCE442DC3A69", "RAPID7BLOG:F9B4F18ABE4C32CD54C3878DD17A8630", "RAPID7BLOG:FB97B7B381BE98BE0077666DFDEC1953", "RAPID7BLOG:FBEE52CB3C438E4C42D6212E07BEFEA9"]}, {"type": "redhat", "idList": ["RHSA-2019:1243", "RHSA-2019:4238", "RHSA-2021:1168", "RHSA-2021:1511", "RHSA-2021:2139", "RHSA-2021:2328", "RHSA-2021:2465", "RHSA-2021:2471", "RHSA-2021:2472", "RHSA-2021:2689", "RHSA-2021:2692", "RHSA-2021:2693", "RHSA-2021:2694", "RHSA-2021:2696", "RHSA-2021:2755", "RHSA-2021:2965", "RHSA-2021:3016", "RHSA-2021:3225", "RHSA-2021:3254", "RHSA-2021:3296", "RHSA-2021:3454", "RHSA-2021:3477", "RHSA-2021:3653", "RHSA-2021:3656", "RHSA-2021:3658", "RHSA-2021:3660", "RHSA-2021:3700", "RHSA-2021:3798", "RHSA-2021:3873", "RHSA-2021:3880", "RHSA-2021:3925", "RHSA-2021:3949", "RHSA-2021:3959", "RHSA-2021:4032", "RHSA-2021:4033", "RHSA-2021:4034", "RHSA-2021:4035", "RHSA-2021:4036", "RHSA-2021:4037", "RHSA-2021:4038", "RHSA-2021:4039", "RHSA-2021:4160", "RHSA-2021:4162", "RHSA-2021:4172", "RHSA-2021:4198", "RHSA-2021:4231", "RHSA-2021:4241", "RHSA-2021:4288", "RHSA-2021:4326", "RHSA-2021:4358", "RHSA-2021:4368", "RHSA-2021:4373", "RHSA-2021:4374", "RHSA-2021:4382", "RHSA-2021:4385", "RHSA-2021:4386", "RHSA-2021:4387", "RHSA-2021:4396", "RHSA-2021:4399", "RHSA-2021:4408", "RHSA-2021:4409", "RHSA-2021:4424", "RHSA-2021:4426", "RHSA-2021:4451", "RHSA-2021:4455", "RHSA-2021:4464", "RHSA-2021:4489", "RHSA-2021:4510", "RHSA-2021:4511", "RHSA-2021:4513", "RHSA-2021:4517", "RHSA-2021:4585", "RHSA-2021:4586", "RHSA-2021:4587", "RHSA-2021:4588", "RHSA-2021:4589", "RHSA-2021:4590", "RHSA-2021:4591", "RHSA-2021:4592", "RHSA-2021:4593", "RHSA-2021:4594", "RHSA-2021:4595", "RHSA-2021:4596", "RHSA-2021:4598", "RHSA-2021:4599", "RHSA-2021:4600", "RHSA-2021:4601", "RHSA-2021:4602", "RHSA-2021:4613", "RHSA-2021:4614", "RHSA-2021:4618", "RHSA-2021:4627", "RHSA-2021:4649", "RHSA-2021:4669", "RHSA-2021:4694", "RHSA-2021:4723", "RHSA-2021:4724", "RHSA-2021:4729", "RHSA-2021:4730", "RHSA-2021:4743", "RHSA-2021:4750", "RHSA-2021:4845", "RHSA-2021:4848", "RHSA-2021:4851", "RHSA-2021:4861", "RHSA-2021:4863", "RHSA-2021:4902", "RHSA-2021:4903", "RHSA-2021:4904", "RHSA-2021:4907", "RHSA-2021:4909", "RHSA-2021:4914", "RHSA-2021:4919", "RHSA-2021:4932", "RHSA-2021:4933", "RHSA-2021:4946", "RHSA-2021:4953", "RHSA-2021:4954", "RHSA-2021:4969", "RHSA-2021:4994", "RHSA-2021:5006", "RHSA-2021:5035", "RHSA-2021:5038", "RHSA-2021:5093", "RHSA-2021:5094", "RHSA-2021:5106", "RHSA-2021:5107", "RHSA-2021:5108", "RHSA-2021:5126", "RHSA-2021:5127", "RHSA-2021:5129", "RHSA-2021:5130", "RHSA-2021:5132", "RHSA-2021:5133", "RHSA-2021:5134", "RHSA-2021:5137", "RHSA-2021:5138", "RHSA-2021:5140", "RHSA-2021:5141", "RHSA-2021:5148", "RHSA-2021:5183", "RHSA-2021:5184", "RHSA-2021:5186", "RHSA-2021:5226", "RHSA-2022:0015", "RHSA-2022:0034", "RHSA-2022:0042", "RHSA-2022:0043", "RHSA-2022:0044", "RHSA-2022:0047", "RHSA-2022:0064", "RHSA-2022:0082", "RHSA-2022:0083", "RHSA-2022:0138", "RHSA-2022:0163", "RHSA-2022:0191", "RHSA-2022:0202", "RHSA-2022:0203", "RHSA-2022:0205", "RHSA-2022:0216", "RHSA-2022:0222", "RHSA-2022:0223", "RHSA-2022:0296", "RHSA-2022:0318", "RHSA-2022:0431", "RHSA-2022:0434", "RHSA-2022:0476", "RHSA-2022:0520", "RHSA-2022:0577", "RHSA-2022:0580", "RHSA-2022:0589", "RHSA-2022:0595", "RHSA-2022:0721", "RHSA-2022:0727", "RHSA-2022:0728", "RHSA-2022:0735", "RHSA-2022:0842", "RHSA-2022:0856", "RHSA-2022:1013", "RHSA-2022:1051", "RHSA-2022:1081", "RHSA-2022:1296", "RHSA-2022:1297", "RHSA-2022:1299", "RHSA-2022:1354", "RHSA-2022:1396", "RHSA-2022:2216", "RHSA-2022:2217", "RHSA-2022:2218", "RHSA-2022:4918", "RHSA-2022:4919", "RHSA-2022:4922", "RHSA-2022:5069", "RHSA-2022:5070", "RHSA-2022:5498", "RHSA-2022:5840", "RHSA-2022:5903", "RHSA-2022:6429", "RHSA-2022:6526", "RHSA-2022:6835", "RHSA-2022:8418", "RHSA-2022:8506", "RHSA-2023:3223", "RHSA-2023:4053"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-20673", "RH:CVE-2018-25009", "RH:CVE-2018-25010", "RH:CVE-2018-25012", "RH:CVE-2018-25013", "RH:CVE-2018-25014", "RH:CVE-2019-13750", "RH:CVE-2019-13751", "RH:CVE-2019-17594", "RH:CVE-2019-17595", "RH:CVE-2019-18218", "RH:CVE-2019-19603", "RH:CVE-2019-20838", "RH:CVE-2019-5827", "RH:CVE-2020-12762", "RH:CVE-2020-13435", "RH:CVE-2020-14145", "RH:CVE-2020-14155", "RH:CVE-2020-16135", "RH:CVE-2020-17541", "RH:CVE-2020-24370", "RH:CVE-2020-35521", "RH:CVE-2020-35522", "RH:CVE-2020-35523", "RH:CVE-2020-35524", "RH:CVE-2020-36242", "RH:CVE-2020-36330", "RH:CVE-2020-36331", "RH:CVE-2020-36332", "RH:CVE-2021-20231", "RH:CVE-2021-20232", "RH:CVE-2021-20266", "RH:CVE-2021-21409", "RH:CVE-2021-22876", "RH:CVE-2021-22898", "RH:CVE-2021-22925", "RH:CVE-2021-23840", "RH:CVE-2021-23841", "RH:CVE-2021-27645", "RH:CVE-2021-28153", "RH:CVE-2021-31535", "RH:CVE-2021-3200", "RH:CVE-2021-33560", "RH:CVE-2021-33574", "RH:CVE-2021-3426", "RH:CVE-2021-3445", "RH:CVE-2021-3481", "RH:CVE-2021-3572", "RH:CVE-2021-3580", "RH:CVE-2021-35942", "RH:CVE-2021-36084", "RH:CVE-2021-36085", "RH:CVE-2021-36086", "RH:CVE-2021-36087", "RH:CVE-2021-3712", "RH:CVE-2021-37136", "RH:CVE-2021-37137", "RH:CVE-2021-3778", "RH:CVE-2021-3796", "RH:CVE-2021-3800", "RH:CVE-2021-38604", "RH:CVE-2021-40528", "RH:CVE-2021-4104", "RH:CVE-2021-4125", "RH:CVE-2021-42574", "RH:CVE-2021-43527", "RH:CVE-2021-43529", "RH:CVE-2021-44228", "RH:CVE-2021-44569", "RH:CVE-2021-44570", "RH:CVE-2021-44571", "RH:CVE-2021-44573", "RH:CVE-2021-44574", "RH:CVE-2021-44575", "RH:CVE-2021-44576", "RH:CVE-2021-44577", "RH:CVE-2021-44832", "RH:CVE-2021-45046", "RH:CVE-2021-45105", "RH:CVE-2022-0552"]}, {"type": "redos", "idList": ["ROS-20211223-01", "ROS-20220112-02", "ROS-20220125-11", "ROS-20230619-05"]}, {"type": "rocky", "idList": ["RLSA-2021:4160", "RLSA-2021:4162", "RLSA-2021:4172", "RLSA-2021:4198", "RLSA-2021:4231", "RLSA-2021:4241", "RLSA-2021:4288", "RLSA-2021:4326", "RLSA-2021:4358", "RLSA-2021:4368", "RLSA-2021:4373", "RLSA-2021:4374", "RLSA-2021:4382", "RLSA-2021:4385", "RLSA-2021:4386", "RLSA-2021:4387", "RLSA-2021:4396", "RLSA-2021:4408", "RLSA-2021:4409", "RLSA-2021:4424", "RLSA-2021:4426", "RLSA-2021:4451", "RLSA-2021:4464", "RLSA-2021:4489", "RLSA-2021:4510", "RLSA-2021:4511", "RLSA-2021:4513", "RLSA-2021:4517", "RLSA-2021:4585", "RLSA-2021:4586", "RLSA-2021:4587", "RLSA-2021:4590", "RLSA-2021:4591", "RLSA-2021:4592", "RLSA-2021:4593", "RLSA-2021:4594", "RLSA-2021:4595", "RLSA-2021:4649", "RLSA-2021:4743", "RLSA-2021:4903", "RLSA-2021:5226", "RLSA-2022:5498", "RLSA-2022:8506"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2021-1963", "ROSA-SA-2021-1975"]}, {"type": "rustsec", "idList": ["RUSTSEC-2021-0057", "RUSTSEC-2021-0058", "RUSTSEC-2021-0098"]}, {"type": "schneier", "idList": ["SCHNEIER:7105A847CAE97418252DC3F58DD47B12"]}, {"type": "securelist", "idList": ["SECURELIST:0ED76DA480D73D593C82769757DFD87A", "SECURELIST:52D1B0F6F56EE960CC02B969556539D6", "SECURELIST:7A375F44156FACA25A0B3990F2CD73C1", "SECURELIST:9CC623A02615C07A9CEABD0C58DE7931", "SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837", "SECURELIST:E21F9D6D3E5AFD65C99FC385D4B5F1DC", "SECURELIST:F62AEEAB0355FAC92D225F808BBF00CD"]}, {"type": "slackware", "idList": ["SSA-2021-090-01", "SSA-2021-139-01", "SSA-2021-202-02", "SSA-2021-337-01", "SSA-2023-006-01"]}, {"type": "sqlite", "idList": ["SQLT:CVE-2020-13435"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1456-1", "OPENSUSE-SU-2019:1488-1", "OPENSUSE-SU-2019:1666-1", "OPENSUSE-SU-2019:2550-1", "OPENSUSE-SU-2019:2551-1", "OPENSUSE-SU-2019:2692-1", "OPENSUSE-SU-2019:2694-1", "OPENSUSE-SU-2020:0677-1", "OPENSUSE-SU-2020:2240-1", "OPENSUSE-SU-2020:2298-1", "OPENSUSE-SU-2021:0357-1", "OPENSUSE-SU-2021:0372-1", "OPENSUSE-SU-2021:0427-1", "OPENSUSE-SU-2021:0430-1", "OPENSUSE-SU-2021:0470-1", "OPENSUSE-SU-2021:0510-1", "OPENSUSE-SU-2021:0807-1", "OPENSUSE-SU-2021:0808-1", "OPENSUSE-SU-2021:0857-1", "OPENSUSE-SU-2021:0892-1", "OPENSUSE-SU-2021:0906-1", "OPENSUSE-SU-2021:0919-1", "OPENSUSE-SU-2021:0962-1", "OPENSUSE-SU-2021:1058-1", "OPENSUSE-SU-2021:1088-1", "OPENSUSE-SU-2021:1188-1", "OPENSUSE-SU-2021:1189-1", "OPENSUSE-SU-2021:1248-1", "OPENSUSE-SU-2021:1261-1", "OPENSUSE-SU-2021:1366-1", "OPENSUSE-SU-2021:1371-1", "OPENSUSE-SU-2021:1374-1", "OPENSUSE-SU-2021:1441-1", "OPENSUSE-SU-2021:1577-1", "OPENSUSE-SU-2021:1586-1", "OPENSUSE-SU-2021:1598-1", "OPENSUSE-SU-2021:1601-1", "OPENSUSE-SU-2021:1613-1", "OPENSUSE-SU-2021:1762-1", "OPENSUSE-SU-2021:1860-1", "OPENSUSE-SU-2021:1897-1", "OPENSUSE-SU-2021:1958-1", "OPENSUSE-SU-2021:2143-1", "OPENSUSE-SU-2021:2157-1", "OPENSUSE-SU-2021:2196-1", "OPENSUSE-SU-2021:2320-1", "OPENSUSE-SU-2021:2439-1", "OPENSUSE-SU-2021:2682-1", "OPENSUSE-SU-2021:2685-1", "OPENSUSE-SU-2021:2827-1", "OPENSUSE-SU-2021:2830-1", "OPENSUSE-SU-2021:2966-1", "OPENSUSE-SU-2021:2994-1", "OPENSUSE-SU-2021:3291-1", "OPENSUSE-SU-2021:3354-1", "OPENSUSE-SU-2021:3529-1", "OPENSUSE-SU-2021:3934-1", "OPENSUSE-SU-2021:3999-1", "OPENSUSE-SU-2021:4001-1", "OPENSUSE-SU-2021:4002-1", "OPENSUSE-SU-2021:4094-1", "OPENSUSE-SU-2021:4104-1", "OPENSUSE-SU-2021:4107-1", "OPENSUSE-SU-2021:4109-1", "OPENSUSE-SU-2022:0064-1", "OPENSUSE-SU-2022:0184-1", "OPENSUSE-SU-2022:0184-2", "OPENSUSE-SU-2022:0480-1", "OPENSUSE-SU-2022:0736-1", "OPENSUSE-SU-2022:0942-1", "OPENSUSE-SU-2022:1091-1", "SUSE-SU-2022:1271-1", "SUSE-SU-2022:1315-1", "SUSE-SU-2022:1455-1", "SUSE-SU-2022:1485-1", "SUSE-SU-2022:2102-1", "SUSE-SU-2022:2533-1", "SUSE-SU-2022:2533-2", "SUSE-SU-2022:2595-1"]}, {"type": "symantec", "idList": ["SMNTC-110596", "SMNTC-17570", "SMNTC-19793"]}, {"type": "talosblog", "idList": ["TALOSBLOG:0AA83DE1427426ABF4723FDF049F6EEB", "TALOSBLOG:AFFA9F54A1744A8B65903B06E9C56C3A", "TALOSBLOG:C9F50677FB4030903E6114F7C17FD8DB"]}, {"type": "tenable", "idList": ["TENABLE:F29BAD72446123F9BCC7E3C50234FFF8"]}, {"type": "thn", "idList": ["THN:14D74115700FA05CAF20056AB520447D", "THN:161777F5DB73EF3AB5B13EF9F11E3374", "THN:1D10167F5D53B2791D676CF56488D5D9", "THN:2656971C06C4E3D4B0A8C0AC02BBB775", "THN:365025B2416483B34C70F02EDA44131E", "THN:368B6517F020AB4BF1B2344EDC8234A4", "THN:3AB82AD3C4EB492FE308B1276534EBD7", "THN:40A0D7C4B23FCEF48FD7EDCF1CC389AD", "THN:4DE731C9D113C3993C96A773C079023F", "THN:5BAE3325983F971D1108722C454FF9AB", "THN:5CB7AEBFFE369D293598A4FDBFDFCEE3", "THN:602D65D576B090BAC4B0C96998F8F922", "THN:668DE2C9CFD709125451AF8F3FE12E6C", "THN:686DDFA07B415C41BA7AB9B8970557EF", "THN:75A32CF309184E2A99DA7B43EFBFA8E7", "THN:76D7572EDBE770410D6F0518DAD8B0AD", "THN:76F500CE84314456F7B0E4DD1D56D971", "THN:7958F9B1AA180122992C6A0FADB03536", "THN:7E3A24826E7BA91EE1C13CFA71AB1D07", "THN:802C6445DD27FFC7978D22CC3182AD58", "THN:833B2B9623F1C64D20868B947E8BE4E0", "THN:83D31EE6B3E59778D812B3B7E67D7CD6", "THN:8755093D287CCB8F16A1A7CD3BDB6ACF", "THN:933FE23273AB5250B949633A337D44E1", "THN:AFF2BD38CB9578D0F4CA96A145933627", "THN:C73B84809CDC20C90C26FF1B7F56F5D4", "THN:CE191128AE56CD5C614344408C285C87", "THN:DF2B6840863D6847D7088B1A07B19A4A", "THN:E27BF56DBA34B1A89BD29AEB5A6D8405", "THN:E7E8D45492BAD83E88C89D34F8502485", "THN:ECDABD8FB1E94F5D8AFD13E4C1CB5840"]}, {"type": "threatpost", "idList": ["THREATPOST:02A472487653A461080415A3F7BB23D2", "THREATPOST:03FC9E97BBF9730C5990E8A220DD5E9A", "THREATPOST:065F7608AC06475E765018E97F14998D", "THREATPOST:075BA69792AA7B1AE4C28E1CBE61E360", "THREATPOST:08E51C6FB9418179611DF2ACFB1073BF", "THREATPOST:09118C676E28AC5D7BB791E76F75453C", "THREATPOST:0B290DDF3FE14178760FDC2229CB1383", "THREATPOST:0C3BAA4DB9E2B5E8A30DD20A987FCE03", "THREATPOST:0FD7F2FA7F2D3383F582553124EA843D", "THREATPOST:10245D9804511A09607265485D240FFF", "THREATPOST:10D0F1DDDD6C211DA3CE6395900B7C54", "THREATPOST:1309DBA0F8A2727965C6FA284A002D3B", "THREATPOST:138507F793D8399AF0EE1640C46A9698", "THREATPOST:138F67583DAC26A61D1AB90A018F1250", "THREATPOST:13D4AE4C03A3BF687491FDA1E8D732C7", "THREATPOST:14D52B358840B9265FED987287C1E26E", "THREATPOST:16624FA0DF55AAB9FDB3C14AC91EC9F5", "THREATPOST:16877B149E701CC4DB69E91C567D79CC", "THREATPOST:187B01687ED5D3975CD6E42E84DD9B13", "THREATPOST:19BDD881931703B28F7B93492E0C75FD", "THREATPOST:1A553B57472BB0EB8D69F573B510FDE6", "THREATPOST:1B42481449E86FEA3940A2E1E2634309", "THREATPOST:1BE6320CDA6342E72A5A2DD5E0758735", "THREATPOST:1CC682A86B6D521AD5E357B9DB3A1DFB", "THREATPOST:1EB961A6936CB97E2DE6C0212349367F", "THREATPOST:1F99A9A6A418194B87E5468CC8344FBF", "THREATPOST:20F9B8CE2D092108C0F78EC3E415F6B4", "THREATPOST:2188E3E33D86C2C3DF35253A3ED7FA6C", "THREATPOST:2246F7085606B44A031DC14D1B54B9DB", "THREATPOST:23B6C10D7EF469BE8ED27D1C9AFB526A", "THREATPOST:2707644CA0FB49ADD0ECA1B9AFDA0E8A", "THREATPOST:27C5AA551B5793DEA8848FB76DE52B32", "THREATPOST:280ACEC9B5A634E74F3C321F272C3EF3", "THREATPOST:2C0E12580D3C2F1CE7880F6955D4AA1E", "THREATPOST:305513A61FA2B0EF500854C82DF34A9C", "THREATPOST:31091088EDBCEEF43F75A2BA2387EB5C", "THREATPOST:31D14CEE5977BF71F79F7C30AEC10698", "THREATPOST:34D98758A035C36FED68DDD940415845", "THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:38E044431D55F0A4BC458FF92EB025BF", "THREATPOST:38E8D69F26ADB15A989532924B2A98C4", "THREATPOST:3A1C8593C0AAEFA3AF77D1A207BD0B65", "THREATPOST:3A5F59D56E40560C393A3F69A362A31B", "THREATPOST:3ADFDD3CC93B03F83C2CEC5583B016AB", "THREATPOST:3B06E49AA3C9F001C97038682A9BF73F", "THREATPOST:3B8B02F621E9D9883A541B1B26BDF410", "THREATPOST:3D7559852080DD2D74780AC6D5F191C7", "THREATPOST:3DB85AFFEA9491ACBD8909D0CF5FBAEA", "THREATPOST:3EDC338ECB2601F5A49A9ED5E087B776", "THREATPOST:3FDED0EC415BA165368B72AB2A8E1A59", "THREATPOST:40A09F08F388BACF08E0931C6473DE0C", "THREATPOST:40A6B1288BA6177BA30307804BE630D0", "THREATPOST:41B10746D1F4B74DA188CB140A8B2676", "THREATPOST:42AAB266C740220CFF57204DDF71129E", "THREATPOST:436D209F4CB01B99FC9576DFE08DE145", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:46837E7270195429E1D891848E911254", "THREATPOST:46AF5D5C752ADF689DA52FBDA4644F5D", "THREATPOST:47481707E9A4BF7FC15CC47EC8A8F249", "THREATPOST:48A631F2D45804C677BB672F838F29DA", "THREATPOST:48FD4B4BFA020778797D684672C283B0", "THREATPOST:49177F7B5015CE94637C97F64C2D4138", "THREATPOST:4B8076F30D5D67336733D7FFBCBD929A", "THREATPOST:4C9E0FFA5C914E395A66D2DC65B16649", "THREATPOST:4D63851D1493E3861204B674ADBC7F01", "THREATPOST:4D892A0342695D6703703D63DCC1877C", "THREATPOST:4EEFA1A0FABB9A6E17C3E70F39EB58FE", "THREATPOST:503327A6AB0C76621D741E281ABCFF77", "THREATPOST:5531DA413E023731C17E5B0771A25B3D", "THREATPOST:57F52943964BADEBC748C4AC796CEEB6", "THREATPOST:590E1D474E265F02BA634F492F728536", "THREATPOST:5B680BEF3CD53FFB3B871FF7365A4C47", "THREATPOST:5B9D3D8DB4BFEDE846215C1877B275ED", "THREATPOST:5CCE0C2607242B16B2880B331167526C", "THREATPOST:5F6690E820E1B143D99DD5974300C6FF", "THREATPOST:6067B6D35C99BFCFF226177541A31F69", "THREATPOST:647D7D894452D9C46B3E86F5491EED49", "THREATPOST:65DB14FD89BCDBD3391ADD70F1377E70", "THREATPOST:65F4E74D349524EBAC2DA4A4ECF22DD8", "THREATPOST:6675B640474BF8A8A3D049DB0266A118", "THREATPOST:66848A3C9B8917C8F84DFDC04DD5F6D9", "THREATPOST:68B92CE2FE5B31FB78327BDD0AB7F21C", "THREATPOST:6C547AAC30142F12565AB289E211C079", "THREATPOST:6D28B6E17A92FE11F55907C143B3F5DD", "THREATPOST:703466E6007D5E2783255F53CBE5B433", "THREATPOST:751A0E2371F134F90F39C20AB70C1E2A", "THREATPOST:76A072EE53232EB197F119EC2F7EAA74", "THREATPOST:76A5549135F9D578FFC2C8FACC135193", "THREATPOST:77DB31E826E03EA9D78EE4777986EA49", "THREATPOST:78327DA051387C43A61D82DE6B618D1F", "THREATPOST:795C39123EE147B39072C9434899E8FE", "THREATPOST:796DFA4804FEF04D3787893FCDFF97D2", "THREATPOST:7DDE7BA7A7916763BDDB5D0C565285DA", "THREATPOST:81021088670E95FC0EBB2F53E1FB2AD2", "THREATPOST:8105FA1422BB4E02CD95C23CC7405E26", "THREATPOST:81DEAED9A2A367373ADA49F1CCDCA95D", "THREATPOST:8243943141B8F18343765DA77D33F46C", "THREATPOST:8594A8F12FC5C97E7E62AF7B9BE3F1AA", "THREATPOST:8601D6EF6AB3201E582A218391B19C3F", "THREATPOST:8648A1E46B6EBE5300881DE285C7D080", "THREATPOST:883A7DED46A4E1C743AFFBA7CDCF4400", "THREATPOST:89AA48C3C48FA427AB660EDEE6DBCBE2", "THREATPOST:8A372065BFA1E6839DAF0386E9D8A1F5", "THREATPOST:8B78588647E8548B06361DBB1F279468", "THREATPOST:8D57BD39C913E8DDC450DD9EF2564C2C", "THREATPOST:8E47F9D5A51C75BA6BB0A1E286296563", "THREATPOST:8FFF44C70736D8E21796B9337E52F29D", "THREATPOST:932AA74F12B9D2AD0E8589AC1A2C1438", "THREATPOST:9374ECD9CCFC891FC2F3B85DF0905A1C", "THREATPOST:95BDCA2096B58A0697E169C01B1E0F09", "THREATPOST:970C9E73DF1FF53D70DB0B66326F3CB0", "THREATPOST:97D06649A596B5E25E2A11E3D275748B", "THREATPOST:97F7CB48069CDF8038E5E49508EFA458", "THREATPOST:987673B6BC03D7371ADC88E9BDA270D5", "THREATPOST:98F735BF442C3126E4A9FFBB60517B96", "THREATPOST:9922BFA77AFE6A6D35DFEA77A4D195C0", "THREATPOST:99C6C1555ACD07B4925765AED21A360C", "THREATPOST:9D96113FADFD4FBCA9C17B78B53A8C93", "THREATPOST:9E222E9232D1D59183559B17E97BADCD", "THREATPOST:A07707C9B30B86A691C1A24C4DC65EE6", "THREATPOST:A1F3E8AC4878C11E48F90AC47D165F52", "THREATPOST:A6096ACCB3F0C38BC6570E1DDE3E8844", "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "THREATPOST:AB54F1EB518D88546D1EF9DBA5E1874B", "THREATPOST:AE9B4708A7A9B6F3A24C35E15C6150A4", "THREATPOST:AFD74E86954C5A08B3F246887333BDF3", "THREATPOST:B04DD1402960F4726546F62371A02B3C", "THREATPOST:B11E42D0B4C56E4CC482DEF6EA0B4AC7", "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "THREATPOST:B318814572E066732E6C32CC147D95E2", "THREATPOST:B3A92C43D5FF3C53BE8EF06C687B80B6", "THREATPOST:B5964CC2880F7E4AFF1E9C5DEEE5B287", "THREATPOST:B796D491D9E59A6CE14A74FFE427D175", "THREATPOST:B7C8B7F3016D73355C4ED5E05B0E8490", "THREATPOST:B9CCF4B8B7E25CEC369B248303882707", "THREATPOST:BA0FA5036C385C822C787514850A67E5", "THREATPOST:BDCC3D007E103708BD7CA085B29EF2CB", "THREATPOST:BE11CFFFFEA1B470C8A24CA24D76A7C6", "THREATPOST:C19CE965CE9C8D3208D35F56D8C5D2D6", "THREATPOST:C3C8E90FB9A6A06B1692D70A51973560", "THREATPOST:C4369D60DE77B747298623D4FD0299B3", "THREATPOST:C4B358E42FF02B710BE90F363212C84F", "THREATPOST:C573D419AD6106E6579CCA4A18E2DBBE", "THREATPOST:C694354BA14A953DAFC9171CB97F0BC2", "THREATPOST:C6D292755B4D35E7E0FD459BBF6AFC7F", "THREATPOST:C754ECCAF3F8A3E6BCD670A88B3E4CAA", "THREATPOST:C9D2DB62AC17B411BFFF253D149E56F2", "THREATPOST:C9FBCC2A1C52CDB54C6AAB18987100F4", "THREATPOST:CAA9AA939562959323A4675228C233A5", "THREATPOST:CD9589D22198CE38A27B7D1434FEE963", "THREATPOST:CEEE25A4A4491980FA1ECB491795DBA9", "THREATPOST:CF3033203781AAC4EAAE83DDCF93ADE8", "THREATPOST:CF4E98EC11A9E5961C991FE8C769544E", "THREATPOST:CF93F3E6D1E96AACFAEE9602C90A711D", "THREATPOST:D098942E4435832E619282E1B92C9E0F", "THREATPOST:D240DF7FEF328139784DBE743FF84E9B", "THREATPOST:D358CF7B956451F0C53F878AF811409F", "THREATPOST:D5E02B5FD2809DCACF41DA1190794921", "THREATPOST:D7D5E283A1FBB50F8BD8797B0D60A622", "THREATPOST:DB4349EAC3DD60D03D1EBDEFF8ABAA8E", "THREATPOST:DC76A72269F271882F45A521CF7C3509", "THREATPOST:DD0FE8D3D9D205FA5CCA65C3EBDD62D2", "THREATPOST:DE6A0C7ECE2973F596891B00DC078055", "THREATPOST:DF2C6B28792FEC8F2404A7DC366B848F", "THREATPOST:E09CE3FA2B76F03886BA3C2D4DB4D8DB", "THREATPOST:E0C8A3622AEF61D726EED997C39BADFE", "THREATPOST:E424D9CD1C692F91FBD97FDDEDBCCE34", "THREATPOST:E60D2D0CCA5A225CA4BF5CEB5C7C3F59", "THREATPOST:E8074A338A246BED98CF95AD4F4E9CAF", "THREATPOST:E8A3AD011F9759F38AAB48D776396878", "THREATPOST:EC28F82F6C3ECD5D0BA7471D5BA50FD6", "THREATPOST:EE0A71A925297032000651C344890BDD", "THREATPOST:F12423DD382283B0E48D4852237679FC", "THREATPOST:F72FDE7CB5D697EFD089937D42475E50", "THREATPOST:F87A6E1CF3889C526FDE8CE50A1B81FF", "THREATPOST:FC38FE49CDC6DFAD4E78D669DBFA5687", "THREATPOST:FDD0C98FAA16831E7A3B7CCE3BFC67FF", "THREATPOST:FDF0EE0C54F947C5167E6B227E92AE63", "THREATPOST:FE7B13B35ED49736C88C39D5279FA3D1"]}, {"type": "trellix", "idList": ["TRELLIX:357BDB16F9C97C350D8CFF381DE2C04E", "TRELLIX:39F5630F37B0A70500113404A73FE414", "TRELLIX:7B9C31B3E2F1A079101A700230D5A5C0", "TRELLIX:908157CFA8050AA23921170E873187E1", "TRELLIX:D57FEAD5DBF6D915430C791AC26C10CC", "TRELLIX:ED6978182DFD9CD1EA1E539B1EDABE6C"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:C927C873A9E9A7AF6B74D64EFAFA6B02"]}, {"type": "typo3", "idList": ["TYPO3-PSA-2021-004"]}, {"type": "ubuntu", "idList": ["USN-4172-1", "USN-4172-2", "USN-4205-1", "USN-4298-1", "USN-4298-2", "USN-4360-1", "USN-4360-4", "USN-4394-1", "USN-4447-1", "USN-4738-1", "USN-4745-1", "USN-4755-1", "USN-4764-1", "USN-4898-1", "USN-4903-1", "USN-4961-2", "USN-4966-1", "USN-4966-2", "USN-4971-1", "USN-4971-2", "USN-4990-1", "USN-5021-1", "USN-5021-2", "USN-5029-1", "USN-5051-1", "USN-5051-2", "USN-5051-3", "USN-5051-4", "USN-5080-1", "USN-5080-2", "USN-5088-1", "USN-5093-1", "USN-5168-1", "USN-5168-2", "USN-5168-3", "USN-5168-4", "USN-5189-1", "USN-5192-1", "USN-5192-2", "USN-5197-1", "USN-5241-1", "USN-5273-1", "USN-5310-1", "USN-5342-1", "USN-5342-3", "USN-5391-1", "USN-5421-1", "USN-5425-1", "USN-5477-1", "USN-5553-1", "USN-5631-1", "USN-5699-1", "USN-5841-1", "USN-5894-1", "USN-6049-1", "USN-6099-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-20673", "UB:CVE-2018-25009", "UB:CVE-2018-25010", "UB:CVE-2018-25012", "UB:CVE-2018-25013", "UB:CVE-2018-25014", "UB:CVE-2019-13750", "UB:CVE-2019-13751", "UB:CVE-2019-17594", "UB:CVE-2019-17595", "UB:CVE-2019-18218", "UB:CVE-2019-19603", "UB:CVE-2019-20838", "UB:CVE-2019-5827", "UB:CVE-2020-12762", "UB:CVE-2020-13435", "UB:CVE-2020-14145", "UB:CVE-2020-14155", "UB:CVE-2020-16135", "UB:CVE-2020-17541", "UB:CVE-2020-24370", "UB:CVE-2020-35521", "UB:CVE-2020-35522", "UB:CVE-2020-35523", "UB:CVE-2020-35524", "UB:CVE-2020-36330", "UB:CVE-2020-36331", "UB:CVE-2020-36332", "UB:CVE-2021-20231", "UB:CVE-2021-20232", "UB:CVE-2021-20266", "UB:CVE-2021-21409", "UB:CVE-2021-22876", "UB:CVE-2021-22898", "UB:CVE-2021-22925", "UB:CVE-2021-23840", "UB:CVE-2021-23841", "UB:CVE-2021-27645", "UB:CVE-2021-28153", "UB:CVE-2021-31535", "UB:CVE-2021-3200", "UB:CVE-2021-33560", "UB:CVE-2021-33574", "UB:CVE-2021-3426", "UB:CVE-2021-3445", "UB:CVE-2021-3481", "UB:CVE-2021-3572", "UB:CVE-2021-3580", "UB:CVE-2021-35942", "UB:CVE-2021-36084", "UB:CVE-2021-36085", "UB:CVE-2021-36086", "UB:CVE-2021-36087", "UB:CVE-2021-3712", "UB:CVE-2021-37136", "UB:CVE-2021-37137", "UB:CVE-2021-3778", "UB:CVE-2021-3796", "UB:CVE-2021-3800", "UB:CVE-2021-38604", "UB:CVE-2021-40528", "UB:CVE-2021-4104", "UB:CVE-2021-42574", "UB:CVE-2021-43527", "UB:CVE-2021-43529", "UB:CVE-2021-44228", "UB:CVE-2021-45046"]}, {"type": "veeam", "idList": ["VEEAM:KB4254"]}, {"type": "veracode", "idList": ["VERACODE:26073", "VERACODE:26112", "VERACODE:26186", "VERACODE:26737", "VERACODE:26878", "VERACODE:26906", "VERACODE:27030", "VERACODE:28548", "VERACODE:28602", "VERACODE:29418", "VERACODE:29419", "VERACODE:29681", "VERACODE:29682", "VERACODE:29720", "VERACODE:29721", "VERACODE:29722", "VERACODE:29723", "VERACODE:29869", "VERACODE:29876", "VERACODE:29916", "VERACODE:30238", "VERACODE:30527", "VERACODE:30715", "VERACODE:30744", "VERACODE:30919", "VERACODE:31289", "VERACODE:31814", "VERACODE:31820", "VERACODE:32046", "VERACODE:32047", "VERACODE:32154", "VERACODE:32327", "VERACODE:32328", "VERACODE:32496", "VERACODE:32804", "VERACODE:32902", "VERACODE:32922", "VERACODE:32946", "VERACODE:32949", "VERACODE:32951", "VERACODE:32953", "VERACODE:32962", "VERACODE:32994", "VERACODE:32997", "VERACODE:32998", "VERACODE:32999", "VERACODE:33000", "VERACODE:33117", "VERACODE:33118", "VERACODE:33119", "VERACODE:33120", "VERACODE:33121", "VERACODE:33122", "VERACODE:33123", "VERACODE:33124", "VERACODE:33195", "VERACODE:33224", "VERACODE:33225", "VERACODE:33226", "VERACODE:33227", "VERACODE:33244", "VERACODE:33337", "VERACODE:33348", "VERACODE:33453"]}, {"type": "vmware", "idList": ["VMSA-2021-0028.1", "VMSA-2021-0028.10", "VMSA-2021-0028.11", "VMSA-2021-0028.12", "VMSA-2021-0028.13", "VMSA-2021-0028.2", "VMSA-2021-0028.3", "VMSA-2021-0028.4", "VMSA-2021-0028.6", "VMSA-2021-0028.7", "VMSA-2021-0028.8", "VMSA-2021-0028.9"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:060FBB90648BCDE11554492408AE89C8", "WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB", "WALLARMLAB:90D3FFE69FF928689D36310EF8B1C4F3", "WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884"]}, {"type": "wordfence", "idList": ["WORDFENCE:107445D672F037011ADA9A0DA9FB8292", "WORDFENCE:45390D67D024DD8C963E18DAE88303B2"]}, {"type": "zdt", "idList": ["1337DAY-ID-37135", "1337DAY-ID-37136", "1337DAY-ID-37228", "1337DAY-ID-37257", "1337DAY-ID-37264", "1337DAY-ID-37889", "1337DAY-ID-38098", "1337DAY-ID-38421"]}]}, "score": {"value": 9.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY33.ASC"]}, {"type": "akamaiblog", "idList": ["AKAMAIBLOG:61BDCEC3AEF8E6FC9E12623DB54E8144", "AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F", "AKAMAIBLOG:7E872DA472DB19F259EC6E0D8CA018FF", "AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D", "AKAMAIBLOG:B0DBF0121097FA293565FB7E66E09AB3"]}, {"type": "almalinux", "idList": ["ALSA-2021:4172", "ALSA-2021:4198", "ALSA-2021:4231", "ALSA-2021:4241", "ALSA-2021:4288", "ALSA-2021:4326", "ALSA-2021:4358", "ALSA-2021:4368", "ALSA-2021:4373", "ALSA-2021:4374", "ALSA-2021:4382", "ALSA-2021:4385", "ALSA-2021:4386", "ALSA-2021:4387", "ALSA-2021:4396", "ALSA-2021:4399", "ALSA-2021:4408", "ALSA-2021:4409", "ALSA-2021:4424", "ALSA-2021:4426", "ALSA-2021:4451", "ALSA-2021:4455", "ALSA-2021:4464", "ALSA-2021:4489", "ALSA-2021:4510", "ALSA-2021:4511", "ALSA-2021:4513", "ALSA-2021:4517", "ALSA-2021:4585", "ALSA-2021:4586", "ALSA-2021:4590", "ALSA-2021:4591", "ALSA-2021:4592", "ALSA-2021:4593", "ALSA-2021:4594", "ALSA-2021:5226"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-20266"]}, {"type": "amazon", "idList": ["ALAS-2019-1326", "ALAS-2021-1500", "ALAS-2021-1504", "ALAS-2021-1509", "ALAS-2021-1517", "ALAS-2021-1552", "ALAS-2021-1553", "ALAS-2021-1554", "ALAS2-2021-1612", "ALAS2-2021-1640", "ALAS2-2021-1653", "ALAS2-2021-1686", "ALAS2-2021-1721", "ALAS2-2021-1722", "ALAS2-2021-1728", "ALAS2-2021-1730", "ALAS2-2021-1731", "ALAS2-2021-1732"]}, {"type": "androidsecurity", "idList": ["ANDROID:ANDROID-11"]}, {"type": "apple", "idList": ["APPLE:1451472D328FDFE3DC99DD199D7D7CB9", "APPLE:47A6F4E1660238E39625B31A34F6CDF1", "APPLE:4B24B474978FAA0D4305A8A3C49C9CB5", "APPLE:4CDA87B47F793E07ABCA7B9C9345521B", "APPLE:8592A5882F33472850FF959BB2667129", "APPLE:914AF8F52D4AB5DC92631271089CEE87", "APPLE:B08BBADEFC88806E12CB234F1EB6C4C6", "APPLE:B42E67860AD9D9F5B9307A29A1189DF0", "APPLE:BF1622028DAB7FB7B0D91852357DB961", "APPLE:CABE34499864F4FA47751E5A9FCC58AC", "APPLE:HT211843", "APPLE:HT211844", "APPLE:HT211850"]}, {"type": "archlinux", "idList": ["ASA-202001-2", "ASA-202103-1", "ASA-202105-12", "ASA-202106-28", "ASA-202106-4", "ASA-202106-5", "ASA-202106-6", "ASA-202106-7", "ASA-202106-8", "ASA-202106-9", "ASA-202107-59", "ASA-202107-60", "ASA-202107-61", "ASA-202107-62", "ASA-202107-63", "ASA-202107-64"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BAM-21479", "ATLASSIAN:BSERV-13033", "ATLASSIAN:CONFSERVER-74534", "ATLASSIAN:FE-7366", "ATLASSIAN:JRASERVER-72978", "ATLASSIAN:JSDSERVER-10843"]}, {"type": "attackerkb", "idList": ["AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94", "AKB:398CAD69-31E4-4276-B510-D93B2C648A74"]}, {"type": "avleonov", "idList": ["AVLEONOV:469525DB37AAC7A2242EE80C1BCBC8DB", "AVLEONOV:89C75127789AC2C132A3AA403F035902"]}, {"type": "centos", "idList": ["CESA-2021:2328", "CESA-2021:4904"]}, {"type": "cert", "idList": ["VU:930724", "VU:999008"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0936"]}, {"type": "checkpoint_security", "idList": ["CPS:SK176865", "CPS:SK177428"]}, {"type": "chrome", "idList": ["GCSA-2870888737834917444", "GCSA-3475418297324307253"]}, {"type": "cisa", "idList": ["CISA:6C962B804E593B231FDE50912F4D093A", "CISA:8367DA0C1A6F51FB2D817745BB204C48", "CISA:920F1DA8584B18459D4963D91C8DDA33"]}, {"type": "cisco", "idList": ["CISCO-SA-APACHE-LOG4J-QRUKNEBD"]}, {"type": "citrix", "idList": ["CTX335705"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:163520ADA147AB65CEF40BB75A4D46C0", "CFOUNDRY:26376A1BD4B7C64EDDE25DF6FFD71812", "CFOUNDRY:690C01663F820378948F8CF2E2405F72", "CFOUNDRY:6AAA637C3916EA2A44D93B95BEA9728B", "CFOUNDRY:7CFA05FF63DADFE32E3B6B3CFD30F896"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1614885634", "CLSA-2021:1617285762", "CLSA-2021:1623075923", "CLSA-2021:1632261785", "CLSA-2021:1632261872", "CLSA-2021:1632261944", "CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-19603", "CVE-2020-17541", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-28153", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3572", "CVE-2021-35942", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2619-1:8192B", "DEBIAN:DLA-2664-1:7F2B8", "DEBIAN:DLA-2666-1:1352A", "DEBIAN:DLA-2672-1:4D320", "DEBIAN:DLA-2677-1:28A45", "DEBIAN:DLA-2691-1:57A3E", "DEBIAN:DLA-2694-1:F9B4F", "DEBIAN:DLA-2708-1:E46E3", "DEBIAN:DLA-2766-1:9EFDC", "DEBIAN:DLA-2836-2:04B5B", "DEBIAN:DLA-2842-1:95CB4", "DEBIAN:DSA-4500-1:C7649", "DEBIAN:DSA-4869-1:6F57F", "DEBIAN:DSA-4881-1:5FAC1", "DEBIAN:DSA-4885-1:31BC0", "DEBIAN:DSA-4920-1:E3102", "DEBIAN:DSA-4930-1:83549", "DEBIAN:DSA-4933-1:33C31", "DEBIAN:DSA-4963-1:DA7BC", "DEBIAN:DSA-5020-1:32A64", "DEBIAN:DSA-5022-1:D26EE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-20673", "DEBIANCVE:CVE-2019-13750", "DEBIANCVE:CVE-2019-13751", "DEBIANCVE:CVE-2019-5827", "DEBIANCVE:CVE-2021-43527", "DEBIANCVE:CVE-2021-44228", "DEBIANCVE:CVE-2021-45046"]}, {"type": "exploitdb", "idList": ["EDB-ID:50590", "EDB-ID:50592"]}, {"type": "f5", "idList": ["F5:K02219239", "F5:K19026212", "F5:K24554520", "F5:K24624116", "F5:K32171392", "F5:K43700555", "F5:K48050136"]}, {"type": "fedora", "idList": ["FEDORA:09DA530946F5", "FEDORA:0A343304CB93", "FEDORA:0BA8230F3B81", "FEDORA:19CF8305D42F", "FEDORA:24541309E0C8", "FEDORA:2FB16636512C", "FEDORA:33F5F3096E54", "FEDORA:344EE312AD63", "FEDORA:40F4C30A9F42", "FEDORA:4D6AD6087D20", "FEDORA:51E773072E1C", "FEDORA:548FD3102AB0", "FEDORA:5697830B6819", "FEDORA:57A373072E82", "FEDORA:58B4460D22EC", "FEDORA:58EA560560A9", "FEDORA:59A883072F03", "FEDORA:59AA230A7074", "FEDORA:62E10307F96A", "FEDORA:662DB3076C1C", "FEDORA:69F08305D42D", "FEDORA:6E91660E154C", "FEDORA:70256616B2FD", "FEDORA:764143099EED", "FEDORA:79CAE30A5759", "FEDORA:8234B30528F7", "FEDORA:8267A3072636", "FEDORA:83CB5312AD6E", "FEDORA:841B6304C3CD", "FEDORA:8E873309A61B", "FEDORA:91F3430B4C91", "FEDORA:9276A604C5FD", "FEDORA:9471A606D8C2", "FEDORA:95A5B306879A", "FEDORA:A0EF6613BB10", "FEDORA:A46793091C12", "FEDORA:A5A703103140", "FEDORA:AAF643072F13", "FEDORA:AFC9E304C77D", "FEDORA:AFD5E606ED5A", "FEDORA:B050060758B6", "FEDORA:B0DC3307F42B", "FEDORA:B2561309E0E7", "FEDORA:B26D730EC2B6", "FEDORA:B4277665BA1C", "FEDORA:B5C2330A707B", "FEDORA:C3ED760C452F", "FEDORA:C5FD46089669", "FEDORA:CA2F130B268C", "FEDORA:D1BE0309E3C6", "FEDORA:D1ECA309D9B4", "FEDORA:D303630E6E8E", "FEDORA:D9D67604AF39", "FEDORA:DA89631A6294", "FEDORA:E2E153060992", "FEDORA:E526F603B29C", "FEDORA:EB3AF3096E5D", "FEDORA:ECBFB316C4D4", "FEDORA:F0DF83075DC8", "FEDORA:F113230AA459"]}, {"type": "freebsd", "idList": ["1EA05BB8-5D74-11EC-BB1E-001517A2E1A4", "2F3CD69E-7DEE-11EB-B92E-0022489AD614", "381DEEBB-F5C9-11E9-9C4F-74D435E60B7C", "3FADD7E4-F8FB-45A0-A218-8FD6423C338F", "4B1AC5A3-5BD4-11EC-8602-589CFC007716", "515DF85A-5CD7-11EC-A16D-001517A2E1A4", "56BA4513-A1BE-11EB-9072-D4C9EF517024", "58D6ED66-C2E8-11EB-9FB0-6451062F0F7A", "93A1C9A7-5BEF-11EC-A47A-001517A2E1A4", "AA646C01-EA0D-11EB-9B84-D4C9EF517024", "B0F49CB9-6736-11EC-9EEA-589CFC007716", "B1194286-958E-11EB-9C34-080027F515EA", "F671C282-95EF-11EB-9C34-080027F515EA"]}, {"type": "gentoo", "idList": ["GLSA-202003-08", "GLSA-202003-16", "GLSA-202003-24", "GLSA-202103-03", "GLSA-202104-04", "GLSA-202104-06", "GLSA-202105-16", "GLSA-202105-35", "GLSA-202105-36", "GLSA-202107-07", "GLSA-202107-13", "GLSA-202107-43"]}, {"type": "github", "idList": ["GHSA-7RJR-3Q55-VV33", "GHSA-84RM-QF37-FGC2", "GHSA-F256-J965-7F32", "GHSA-JFH8-C2JP-5V3Q", "GHSA-QGM6-9472-PWQ7", "GITHUB:070AFCDE1A9C584654244E41373D86D8", "GITHUB:D32BE0B8A571761A967462652837D28F"]}, {"type": "githubexploit", "idList": ["00264586-32AF-5469-819B-90FBDA0B6FF2", "00423BD1-64DA-5DB0-848E-1BACC0883E15", "0099FB22-A94E-5D32-9BC4-2EC6D5CFFA9C", "016A0841-D1FF-5056-B062-0D08FCE624CB", "034AFC0C-D411-5F4A-BBAB-630A6C972933", "03C230DA-F801-5660-BF8E-AB8F44E2755C", "0568D2CD-87AF-5D34-AA65-868B1DDA0A89", "0577D04A-4517-5872-B4C0-E45DD6246D88", "066BA250-177D-5017-9AC2-6B948A465ABC", "06D271D5-7A61-5692-9778-7F521D52F980", "0793D7AB-F57C-5832-B456-4057704CAEC9", "07C462E5-20A3-5023-B363-47E1B0C1AE4E", "09509FA9-9FC3-5B64-900D-F0842DC8BCF7", "09F9BA9F-83A2-52EF-81A0-214FCD9E240D", "0A26B4F0-3175-58BE-9CE7-133C9D85E181", "0ABA9FB5-93DD-59F1-9580-232DBFBB4AD8", "0B1484CA-22A0-50C8-9FDE-1E07AD2BBF96", "0BC62E37-D6E2-5B2C-BF89-3E00D98D2E30", "0C734DE8-002A-5611-8897-213D53D85089", "0C98B78F-B467-5298-825B-05ECB4EE2653", "0CBB2E72-C52F-59B6-BD73-DBDD206C4C35", "0D243A34-B42E-5007-90D0-A30ECABDA204", "0D4B651A-4424-55FE-B496-1BB733DE7EE2", "0E43C674-363B-53C2-8686-6F412A995AF4", "0E47338D-BDC0-510A-BC15-093F2E1DEF2C", "0E8471F7-D213-552B-ABD8-B3B1FAD4B910", "11719BED-E629-5C79-944E-7E40BBFC460C", "126A30D2-0273-510B-B34A-DF7AE6E0C1C0", "129B39DD-AB9E-54F0-B6B4-5EA17F29B7DF", "12AAE278-1B08-5F3E-AC28-8EC928D3D7C8", "13542749-F70C-5BAA-A20C-8A464D612535", "13EDAA06-F1A5-5097-AD3A-3D6129C325A7", "141F2E38-979B-50B5-B649-96785B255523", "14482532-2406-58DF-89FF-30B085015257", "149F99C3-6B62-5255-8DA6-A0370E6ED5F7", "14E4E272-9457-53A0-ADD5-F91385D04FCD", "161B70B2-DFA5-54B6-A4CE-45B79999AAC6", "16EB55EE-7CC4-58C7-86AC-E9FD7066B5F1", "170912E2-BB33-5CB8-AD90-C0A737FCAC5E", "17BD376D-CB3D-5068-BA1A-79A1B280D87A", "17C204F9-DD70-5EFB-89D4-B642E65FAF99", "1AD6F414-6637-555A-AA79-BEE90EDB10AB", "1B11A8A4-B07C-580C-AF38-33A50B17B19A", "1C354B89-0050-508B-98F4-B43CBD84F364", "1CC6B535-3451-5066-8C2E-94551FEC545E", "1CCC4512-40AB-5F72-9913-3D894DB4676F", "1E085D9B-26F5-5960-938C-AEB76BCE61D8", "1E62A076-94ED-5061-AE4F-432BB8D7A59C", "210D354B-2338-5AA4-BB87-981C2D2BAA06", "21AACF78-8053-529E-909E-B6D5158008AC", "21B5671D-2A35-52FF-9702-380A32B96260", "21F23081-849E-5B0D-AB61-A8EB37CA0B38", "22AAF71B-053F-5E71-9F26-039C48FCCD62", "22C2FC0C-2C78-5EF7-B21B-5B76E82E2E99", "22C736D4-4179-585F-990B-A40436F65461", "231364E1-A2B1-558A-B805-F242AA97B13F", "23A2D479-181C-599C-9C0F-9A2FF201348F", "2421E200-716C-5F29-84C0-DD8B9C41D92E", "24682F53-DE0E-5967-AAC7-98806644A14C", "24751999-698F-5052-988C-193144F85A39", "26FD2B5F-2952-5624-8CB5-3ECD4480DA87", "27D73012-7283-5C8D-8197-BBAE1964DEE3", "29A41C2D-FF26-591A-A88B-DDB396742BBC", "2A95146E-A404-5015-9D39-293C8EAFF4B6", "2AA77664-83AA-50B1-9F4E-37CC67A5CFAC", "2AF28508-1272-5281-BDB7-B44D3EFC7C72", "2AF7350D-AB79-5AB5-8AF9-0F351CE13D30", "2D2BE5CB-742A-5912-9D88-75365533F9E2", "2E7FF2D4-97E7-54F5-A5C8-EACD22FCF303", "2E946B1D-12B1-56D1-A72E-A3026C240B1D", "2EACBFB9-2956-564B-A859-6C85EF9F785A", "2F657CD7-51C1-50EC-9E70-D422A0CCB2B0", "30BD2114-A602-52D3-908F-8B66A46F1A8C", "31E7D7EA-2E1F-59D8-8BD7-81B8A4894F91", "32BB43C3-F80D-5CBF-83AD-55BD38C2A440", "342CC1B7-6E24-5767-A7B1-90B95A91B503", "34DFC7F1-8012-5B3A-B9F1-EFEDB5F89D1D", "3549B000-260E-5A24-9573-935F898D149C", "371D4A15-51B5-520B-B31D-856E557695FD", "3734D8ED-657E-5585-B181-DE9BE2D84456", "38AF0E71-397C-5A1E-B67C-5514D8F8ABC8", "39A13697-AF09-5E14-9DE2-045005EA9D85", "39D0749D-74E3-5D08-804A-6E7E52BCE692", "3A118B0C-1B94-5CA7-81D3-2A3230EB4DC9", "3A1D442B-2B5B-5DEA-9276-9A9B6C06C9DF", "3A8F706B-1F40-5DAB-AB25-BA023D568AFA", "3ACF6BFE-C853-50C6-BD49-B76794B8BA53", "3B7408B1-9041-550E-9CB8-83E5F609C37B", "3D8E1FE1-17FA-5A92-B109-DEDB55A6BEAB", "3DFE8091-03AE-565B-A198-BD509784502C", "3E142E8E-743B-5786-9EB8-0FED1933F71D", "3EA1CA63-F1F5-5A86-AB97-E327DAE18E93", "3FB46D12-73E5-58EF-BC2A-4FC103B8FF72", "4066A0A4-284D-5ECC-A476-ADDA61AF9A76", "40C633CE-4DD0-586D-8773-760E9A70FFBD", "4142DC43-FEB5-5B62-B8C7-B2A4DEB336A6", "42098CCD-C708-53FC-B3CD-5A8356B69359", "4288177C-C609-5D55-A845-D6785929AB4D", "43159333-A26E-5929-A289-0C84DDCF9DEA", "43A7C9D3-EBB3-57B1-B8FB-C651B36501C2", "43CEFD04-EB9B-5765-AB94-8FF76127F1F6", "44463794-7940-582A-AFFF-676628A86A72", "444C7644-3DE2-57B2-ACF8-C2B157E07580", "44DBFE24-1B30-510A-8291-B7043C7FF654", "4557B39D-1DE6-59FA-AF6C-935E8BB15AE5", "45E71437-8181-5EB7-91BD-D6E4343DA0AB", "473FFDA9-E615-53B6-9A81-F98A1ABD700E", "47670E23-A165-5F5D-8C90-5C76DA1ADFEE", "479EB930-7609-5244-8E16-0D8689304D86", "48821FC8-9320-5568-88A3-9B2CC655ADAC", "4A0D603B-6526-5D1E-BADC-55B4775C354B", "4B1180FB-F4A3-5FCD-A8D2-65364D1EA9EC", "4B30BFBE-6FDC-5580-9C76-65EA4EBA5DAC", "4DBC05D1-8178-5715-953D-61ECC89104F4", "4F11FB83-F6EC-5ED2-B08D-9D86D6104DC7", "4F757EF2-574B-55C7-A017-51DC8BB28C31", "4FBD8560-2AEB-5AD2-9CA3-4A72DEDDE929", "51879B5C-E36F-52B7-B92C-DBA73A21F67D", "5233D0F2-69A2-5220-8016-07D66C226F01", "52BA1465-B7E9-59C1-A20F-E38A5EAE272D", "542348EC-7B83-50E0-8F9B-B6AE9968059F", "547FC254-3B26-59EC-AF4D-E5954678AC3D", "54AB8DD9-4A52-50E4-9EE2-046EBD899FFD", "54E7D93D-9216-5EDE-A4AD-8324A367E67B", "54FE5E76-EAF4-5D84-B37F-06F12A6AFF71", "553C3CC1-0126-5554-8BE0-5F577271EBF9", "5644D9A0-3A8F-52F3-AE3E-300C79911A07", "578E61DA-1B13-5170-9DAC-60D30F7F8C99", "58ACC402-1947-5FE3-9D08-021A4EFEC48A", "5A5A28A1-2601-54F3-BA06-BCFF1A9DCCA5", "5ABB537C-AD08-57E9-9A29-E747D7C29DE9", "5B1D95CD-139F-5304-8B13-BB4EDD912DFA", "5B6C990F-05A3-5D83-83DF-386A34FB8560", "5C040112-8DE7-57AA-B52D-BDD1965D02E3", "5C116D88-E2CC-5BC3-9A71-3174292E227D", "5CEF4882-D1D5-5861-944F-34E8868BF986", "5D72C8DC-DFFD-56F3-A7AC-9FA83C48F460", "5E633D2D-95D0-5498-840F-EA92BF2C5A00", "5E9FB294-1E29-5DE8-A6F6-6D25B08A31DC", "5FB1E3FD-68C6-50CF-85EF-DBFC0B133C24", "5FC55783-FDF5-5AD8-98B2-C1CBFB4EFCCA", "6083DCC3-CA9C-58A4-9FBC-983DF1E52584", "608B43BB-B31C-5B8A-A962-A58902AEBF2E", "62F5F8D4-29D7-5B5C-82BC-3D56E7E8D027", "634605C6-F76D-5EDD-9986-EC4EC593168D", "63500AE8-A10A-5388-B314-001A4CFBDFBD", "6413E08F-7E60-50ED-932E-527F515A6C19", "65EB18B2-8DBB-5A70-9080-C6DA4451D7E7", "6600C311-30E5-566D-98F1-AC47E752EBEA", "677CD9AF-0520-5216-A7CF-24A1830EDAFD", "67E20854-0E30-5FC1-9F24-6A60531BAFF6", "68DCAE72-CB86-55B9-9CB6-653918238C2B", "6A34D9C3-C290-5763-BAF4-F1D6351C4BA2", "6A4495E8-D723-5923-BB6A-B9EA838CF69B", "6AC0E68D-D6F7-55D9-A281-30D7E76D7556", "6BC5CBC6-5A96-5743-8FB7-CEDDF527C52A", "6CC29A1A-24F4-5961-89F9-E7B824C6F37C", "6D93189D-E2D8-5571-88D5-D778E1CB9C23", "6DA59A94-0CD1-5357-8F01-2BF3230F9017", "6F10C51B-BF15-522B-B1CB-BA95361D556E", "6F20D8B7-C252-5759-B02B-F8E2C9D42E38", "6F7E4100-F6E7-5C57-8A1B-89F03DCC53A6", "6F93E170-75AD-5F5C-B7CC-6C4CEAA695AB", "700E9EFF-DFA6-504F-8DD1-FB1A62E01721", "70582B5B-E1E6-5767-94A6-39740A96A052", "71594B4E-D7FE-534F-8E37-71A1EE08E2E9", "71D962ED-2525-53CE-88D0-D8CD92FB0C02", "743571E7-B8EE-5E77-B047-E2E001379ACE", "75180259-16B4-5B60-9913-BFC9A306560A", "75876A50-BD9B-5991-9E42-7A343A97C890", "76E7C0B8-1EE5-543A-A48E-E3AAEAA8BFF6", "76F6F494-8855-5F94-9675-4474FFFA65A1", "77BE16D3-FEC9-51E3-ADB4-250D5BE6CBD2", "780AD920-FF08-55C6-84C8-A8536C6F5527", "7865A97A-CD10-5E45-9429-CF5F72A6952B", "78C2256A-8ABF-5E34-9268-2EEC0C09E567", "798B7BE8-4F94-5D15-A93C-CFE73333BDC5", "799DA5B7-BCF7-56C7-80E8-EAF2351D78F1", "7B2DA44B-D36F-56A4-B4D8-376B8D2F5586", "7B48A97D-242D-55E0-8A13-BD2727C1261F", "7B9BDDBA-81E8-5739-B3F7-419C0D6E2316", "7BB30379-8D57-5FD7-A90C-1A24B1846A23", "7BCC0C24-A1F7-531E-B1BA-342D21C9AF02", "7F93036E-3036-56D2-97C5-CFAEAB8DB6F2", "817FB04E-AFFE-567B-8A2C-64C0A8923734", "81A94AF3-F3C2-5DAE-9C64-154CF9502B01", "865C5B8F-B074-5B0D-834A-E714EB00ADFC", "8697646B-BC1C-5EEB-84C6-2F209E41B64E", "86CE8F3E-1859-58C8-97B5-8D53531EE22A", "87378E23-9FC7-5BA6-BA12-83E90D9581DD", "8ACDC1C6-CE43-5600-9F6F-644A7AD0DA2B", "8B324F0D-EA80-53B5-8ECF-EB5FC5C0EA13", "8D0CF3A6-EC3F-536C-A424-08879FF2F158", "8D604793-908D-5C35-A3EF-6D2688A10312", "8D6FB9A2-59E2-5565-A2C4-B00D9AE074CF", "8E1F0596-03B7-5FCC-8A29-3A8B45D02198", "8F15A064-7841-5899-84CE-8C298A269F83", "8F362564-1631-5AF9-BB38-D1BFC4678DAE", "9227EA61-CA01-5E0A-AF8D-22B03C07A27A", "9297A534-2B19-597A-8952-6EC15EE80BFF", "931205E1-36E0-52BF-A978-D4C326F6A32A", "9327CBCC-5FA0-5155-9C98-3F1488EF2F57", "945E86E8-E114-5F51-991C-13742C6EF49E", "9470FC0C-FB21-50C3-B4E9-5AB439EE325C", "94966928-86D4-5285-9A57-CBDD8F2EF438", "94E003E0-82AE-5CFE-8818-DBA1610BDE3B", "95033F5C-FFFE-58C2-9799-C77E326ACD83", "952CB700-FA2F-5221-96B9-2656F967B63E", "958F00F1-C4FC-5213-82EA-290A530F859B", "977D06B3-F888-5FFF-8749-BF8AF7868ED6", "97D358EF-90F6-5D12-981B-DAFEB56F784F", "99311B70-D3DF-51CC-A5BA-7CF852BB14AF", "99A0AA73-B93D-56EF-930D-4FD64A4F4D35", "9C874FAC-8640-5978-8C60-AF6528E5DF60", "9D8C431A-57F3-560C-8146-1232C2C029C2", "9DAC062A-CFE4-5BB0-983A-8BAB512CF589", "9E16D977-AA24-57C3-9BD1-98296F3186F5", "9E4C737D-2D3C-5A43-B638-E131903225BC", "9F3ABA17-E33A-5018-9DCB-AECDD8DE9DEE", "9FE4ADCA-7F2C-505F-AE74-C635FF2CDF75", "A19F503A-900B-5929-8182-4BD7B1043185", "A1E14906-26B2-5DF8-95E3-07736CC5DDF2", "A39E4181-7C85-5B10-B0F9-AD286D09BD2A", "A454A9CC-C18E-56A1-B166-1A0E244E0493", "A4A33F39-BA6F-5AC0-B72C-30F0E4D6CD56", "A57FBD78-A654-5CEE-8291-163C8AFB7210", "A5B4FB6B-123B-544F-A4E4-46B0595C1C72", "AB801839-51E0-5EFE-B00D-ABBB6391399A", "ACB6C453-F1D5-5A65-91C2-DF455B997075", "AF45C6B5-246A-5363-8436-954018BD121C", "AF45D2D0-2D0E-5BD1-89DC-2E2C8E440A75", "AF93C0CA-BFDD-5C90-9D8D-55350790E1D1", "B22E3A22-BF14-5660-977A-2D28D2AA2500", "B32ED3B3-2054-5776-B952-907BE2CBEED6", "B4A4F7BE-BF43-5BB6-A4A7-A22C6B9DDCA5", "B596B144-65DB-5863-8244-67AEE883C50E", "B6987F3B-86A1-5FDC-AD92-EAF6D264C14A", "B9A69678-D96F-528D-B436-366259B4A283", "BA8F1657-CF64-574C-81BA-6432D5A351D4", "BADF55AF-60C5-5E33-BC19-5DC25FB9E196", "BD33CC4D-EC56-5A22-A712-1B23F8FB141D", "BE66A9B6-104B-5F49-918A-8B913CE46473", "BFBBD550-B2CF-524B-87F6-D0A8980CDFD3", "C0AE83D0-09A6-58EA-A244-1E453E699C04", "C1878361-BBB3-5A2F-8212-945883518690", "C20BAC49-21F2-5BE4-B97B-2561BD95A1A8", "C306DCEF-59B3-5147-8169-3674490BD35F", "C3153E8C-0590-5D96-8EDC-AEE7E129246E", "C3DA2A71-DD68-5EF3-AC4C-5A10DECD333B", "C3E394AB-E22C-5A6A-B5AF-2A497DDAC7BA", "C45EBEA7-DE2F-5373-9AA5-334E20EA2D23", "C640B511-D1E9-5F57-964D-3826F1C68DF8", "C6493FD0-579F-593F-A1E9-A44793F70419", "C68080B0-3163-5E76-AD65-2B454DBB95EE", "C72759ED-7C42-593C-A3C7-94E2CDB2B105", "C7617E51-4166-5517-879D-6385309E13D8", "C76F7089-967B-5A7F-B8DA-629452876A2A", "C772DCBB-20D0-51DD-A580-F96689E65773", "C7EE8D86-B287-50F5-B8C2-05E11E510900", "C96865D9-B80D-5799-9EB6-DDF13650F0AA", "C9E3963C-74AF-51D2-ACF7-7687E92D049F", "CA408205-D32D-5A33-B1AF-0B863641C7FC", "CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB", "CA8D6F85-3A73-5070-B9A0-3A47FAE2C784", "CB4B727A-DC5A-5BD9-84C9-782301F87004", "CB9B5FAA-47CA-5D85-91B9-0AC5179D527B", "CBCB527D-3C29-5E5B-8C71-D7F20AB001D0", "CBEB0168-C1C9-5A9B-8B92-83E1054E44EA", "CC4175EB-3B91-5ABB-A700-84FC1105AAD5", "CF96C0AC-16EB-57DE-B450-775CC256F1C2", "D02E385B-76D7-5BDB-A49C-CE858BEB0009", "D0B02251-DCA3-58B6-B887-D339C4EAABF9", "D1E393B9-589D-5A20-8799-0F762FD361DA", "D2602292-4969-564A-915E-2EFC6661FA35", "D298A3C8-E215-5549-B1A0-D01215070203", "D5003B3C-B1D9-5840-816F-1AFEBCAC7FD3", "D536CD4F-33F2-570F-BA34-54E141F1132C", "D64C04EA-093F-5924-A39B-714908D4637E", "D6EE5F29-18C9-5E59-B9E2-01DC93F5ACE9", "D72095BC-06C5-50B2-8F66-EC86811783D3", "D77DEF60-6E7D-5708-B9F2-DB4EA3E38C23", "D77EE79D-71A5-51BA-9A16-DC757F86CC50", "D813949A-183D-55ED-AF64-B130B8F95A56", "D8246B9C-AC86-5FFA-AA8F-4419E4CD07F1", "DA01F84A-9B1D-5337-A465-2A9AB088C056", "DAB5D6B4-8A2D-58C0-835F-DA4F27B2142D", "DBBD6963-3870-5117-A829-3DE976AE90E2", "DE88B6AE-5D54-5B49-A097-57038C720463", "E0452D6A-51BC-51F5-9C1C-6CF01DA2805E", "E07C4625-66EE-5E09-880C-251E6273C21A", "E0A2EF02-5087-5522-ABA0-52F4142BB87B", "E1457E6C-87A3-5557-A3F2-175005D2A765", "E1ABFD41-98C8-576F-8509-5541B40FD442", "E278D22E-7EC5-5A63-ADFC-EDEFDC650AA1", "E4103A50-881C-52BB-86CC-27F549B798E9", "E4E73A91-5275-59C0-AB2A-7F3EE83DDE28", "E59C9A70-6F3E-5CF6-9F15-B0039E0FBAF1", "E655806B-A2A8-5BCB-A30A-0120CA3E97A6", "E6E03693-50B8-5AB4-B766-8464A228BA02", "E9B21C59-ED98-5B3B-A993-F1C214F8796C", "EA1AF0D9-1E6E-5080-BB7C-9D6035795FFB", "EA3173CE-C426-5047-864A-480B1A30F235", "EB648301-A198-5E4A-A72E-9639ED09F6C9", "EC0987E2-0001-5D63-A5AF-09675A5915BD", "EC35769F-2EAD-5464-8F97-D90F768E1E2D", "EDDA4558-9527-5BDE-86E3-23DDD0BA5443", "EE01D764-5F14-5C0A-BD77-8E32854C5216", "F186E974-8939-5642-89F6-57E5649B31E9", "F1D342BE-E1E0-5B33-A19B-E2EB9E3E7C80", "F1E9BE6D-4024-56FB-80BB-B10ED5889144", "F208D311-79CA-5A2C-AE81-591BA4D30750", "F32DF396-0485-5F43-8A52-31B8DD252790", "F388C84A-40DA-58BC-BE0A-74C7E1712C54", "F3A40027-6DB5-509C-81CF-473DE3BEF46E", "F50E9F2C-8C80-5A76-A993-A3E42414D797", "F523E799-3659-532F-8EED-40AD7F79E752", "F7994B92-2846-5644-8B68-EFB6DFB95ED2", "FB593988-2CFC-5828-8229-9274AC7B0F86", "FB65C479-F4E7-58BA-BC4A-AED04F10A11C", "FB83113C-AABD-5893-8DDE-332B57F4FDD4", "FD65F47A-0B60-5F08-BFC2-1ABD16F49781", "FE8572DF-42D4-521C-B3DC-4715C2F9240D"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:8349A69B035DE11BF3027158A9CEA417"]}, {"type": "hackerone", "idList": ["H1:1101882", "H1:1113025", "H1:1223882", "H1:1423496", "H1:1438393"]}, {"type": "hivepro", "idList": ["HIVEPRO:205916945365E4C9EB9829951A82295A"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20211215-01-LOG4J"]}, {"type": "ibm", "idList": ["023AF7CE811F35CB9EA5BD22171F66AA17D83D1B9FF44FF925D320814BAE40E2", "023C54E1D297D5AA9E7F44F8089DE35CB079281FA1776467BF8B7A7AD4FE252E", "1629CA1DFD389EEFF25556E8C9B707086E571E474449820E949D944C6EB994C3", "18578ECA481CB003C14A84CA7A47ACA060F579C24F4075A776AF26B575502960", "1A35248CBBA17AE981ED0B52B133E7CA1678042C1A9C93C2EC8BED2EF8994420", "23532FC7488A1E0A5525D86FA8B58841ED6086B69C02A7FBB104B3F98E2ED3CE", "2709A19D29B9047D230E570EBF5F26A53D322D557D88CBCFB480F1AFEEF6797C", "2E99FBB731310229E5D67CCF834D84A3C63F588068BE4D2601929B95EFC9AA89", "30A5CA62F6580AAFA852738DF5325C812D685A3292E94F7A9E759C1125E79A0A", "32B20434710D4CE2D9F48A3DF5BB5D8CEAA637E619A2F59A623867C3064BC74E", "3F4820A3C64022355AE6B658B22CB04D75AF98980AA0D9E31E518E440502939E", "4204EAC341D63510AAFE13D5F22BA14E92396D43569176E371BFB452611D1A97", "472B90C1832448CA528B9FB0B6A4E81CAB1388397DE753F5CD640C5D7396EC9B", "4F8D39F3F464E5E9FD3000C317BC69CF4FEEE9F0605C69E62D810607C6BB87CD", "53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B", "558ED6F880AE90E6CA233933ED947E6F8B2EFF2613CBD4FECB6553DBCB9609BA", "58868A8A56E187AE7CFDC0168A9534F5C483AC0F042B7ADF09CCBE3D8A901101", "6CB020CE84694787BB12E05DCB6CC95C33681B735ED0D48ED68FF5A99DD1D7A4", "6CC386F9299ECFE5F62C9D0954CED9917B32A3DFEB8BC98C8212D83DD7B53DF6", "6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1", "77C0F01606E7883D65A2981E1E5DAEA1712E790E6D5528DDD17691C666E43D15", "7A36E54AFF586A013BFC64E0308098C6070D7FE82FD631B59758E4F661D42586", "7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B", "8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E", "8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8", "8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4", "9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8", "A326E188CED4EABC01874E1D337797D5BC22F3ADB5FAF12692F46CA9F4CEEEA1", "A5803C821BBFCE3CF61C99A5753B13549E824EAC069265D225FFBDF6B568BCDB", "B5AA883A7ECBB98CC082171970FB0FD2158AEB520B2B654518056D674E2939C5", "B7376C4EB80B7D4936C0682206BD2DC0AD5969B181368D3EB95A8FBA366BDB63", "CA111B4E9CA9EC240292C6D00FE0CF8C7559AC1453E3199BC3370D149FB11174", "CD617F98180D24BACD7FAE3B791B49B329F7F25DC885A6AD81CD6A815194B6BA", "CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67", "D539341B64A88A49490C3C0F20392F7B5A9616A42C069A2509BF53F2F8A4D618", "E636319395E5D666C247860149142969762B284D3BE296819A5644E6AE6DDA15", "E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902", "E67F6EE1C05A0DFBB7E42F8DDE81795FCC3D933297C925E42690163F0C1D21A6", "E7E10B1CFDE7DBAE5E93EB8EF50E03FCA4DAE3C0D9270B040B02BCEE5D0199B9", "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "EBDD1B77CC71D5E7D7E88D21F7F8C7988F44B743E7ABCFC5258E806235EC65A9", "FA8CCED2D5B77B978F428FA2F61CD879A13EF9DAC53A5435AC48BEE003AC2363"]}, {"type": "ics", "idList": ["ICSA-22-034-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2", "IMPERVABLOG:5E03360E0443A626205E9BCF969114F6", "IMPERVABLOG:7CB37AC69862942C5D316E69A7815579", "IMPERVABLOG:B4C9A56D0F82346F616E74B1CFB10A5D", "IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71", "IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E"]}, {"type": "kaspersky", "idList": ["KLA11475", "KLA11621", "KLA11718", "KLA12390", "KLA12391", "KLA12392", "KLA12393", "KLA12395", "KLA12396"]}, {"type": "kitploit", "idList": ["KITPLOIT:134021490040098714", "KITPLOIT:144331229809700743", "KITPLOIT:3188944951765917430", "KITPLOIT:3773942873037113539", "KITPLOIT:4125185526326677098", "KITPLOIT:4333067961180534072", "KITPLOIT:4654779182065061303", "KITPLOIT:522409803487164759", "KITPLOIT:5734436811250397170", "KITPLOIT:5789499291738758939", "KITPLOIT:6422486000446318290", "KITPLOIT:7976092996345827446", "KITPLOIT:8031680161397698025", "KITPLOIT:8148701901300660800", "KITPLOIT:8266451932034361580", "KITPLOIT:8945091038325456871"]}, {"type": "krebs", "idList": ["KREBS:96D195F8A7993DA13DE32CA9BDD1A0F7"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:39A05D4A4EC81966F7A1721DFACB3470", "MALWAREBYTES:6ADDB8622B581CCDBCEF3BBBA64D6F59", "MALWAREBYTES:A325F8FB1D527BD3C6C1C3A187840632"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/LOG4SHELL_SCANNER/", "MSF:EXPLOIT/MULTI/HTTP/LOG4SHELL_HEADER_INJECTION/", "MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2019-18218/", "MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2021-23841/", "MSF:ILITIES/CENTOS_LINUX-CVE-2019-5827/", "MSF:ILITIES/DEBIAN-CVE-2019-5827/", "MSF:ILITIES/DEBIAN-CVE-2021-22876/", "MSF:ILITIES/DEBIAN-CVE-2021-3426/", "MSF:ILITIES/F5-BIG-IP-CVE-2020-14145/", "MSF:ILITIES/GENTOO-LINUX-CVE-2019-13751/", "MSF:ILITIES/GENTOO-LINUX-CVE-2019-17594/", "MSF:ILITIES/GENTOO-LINUX-CVE-2019-17595/", "MSF:ILITIES/GENTOO-LINUX-CVE-2020-35521/", "MSF:ILITIES/GENTOO-LINUX-CVE-2020-35523/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2019-5827/", "MSF:ILITIES/HTTP-OPENSSL-CVE-2021-23841/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2019-18218/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2020-14145/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-14145/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2021-23841/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-14145/", "MSF:ILITIES/OPENBSD-OPENSSH-CVE-2020-14145/", "MSF:ILITIES/SUSE-CVE-2019-17594/", "MSF:ILITIES/SUSE-CVE-2019-17595/", "MSF:ILITIES/SUSE-CVE-2019-18218/", "MSF:ILITIES/UBUNTU-CVE-2019-5827/", "MSF:ILITIES/UBUNTU-CVE-2021-23841/"]}, {"type": "mmpc", "idList": ["MMPC:42ECD98DCF925DC4063DE66F75FB5433", "MMPC:BB2F5840056D55375C4A19D2FF07C695"]}, {"type": "mscve", "idList": ["MS:CVE-2021-44228"]}, {"type": "msrc", "idList": ["MSRC:543F3A129A47F4B14FB170389908717B"]}, {"type": "mssecure", "idList": ["MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "MSSECURE:BB2F5840056D55375C4A19D2FF07C695"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1370.NASL", "AL2_ALAS-2020-1492.NASL", "AL2_ALAS-2021-001.NASL", "AL2_ALAS-2021-1612.NASL", "AL2_ALAS-2021-1640.NASL", "AL2_ALAS-2021-1653.NASL", "AL2_ALAS-2021-1686.NASL", "AL2_ALAS-2021-1721.NASL", "AL2_ALAS-2021-1722.NASL", "AL2_ALAS-2021-1728.NASL", "AL2_ALAS-2021-1730.NASL", "AL2_ALAS-2021-1731.NASL", "ALA_ALAS-2019-1326.NASL", "ALA_ALAS-2021-1500.NASL", "ALA_ALAS-2021-1504.NASL", "ALA_ALAS-2021-1509.NASL", "ALA_ALAS-2021-1517.NASL", "ALA_ALAS-2021-1552.NASL", "ALA_ALAS-2021-1553.NASL", "ALA_ALAS-2021-1554.NASL", "APACHE_LOG4J_2_15_0.NASL", "APACHE_LOG4J_2_16_0.NASL", "APACHE_LOG4J_2_16_0_MAC.NASL", "APACHE_LOG4J_JDNI_LDAP_GENERIC.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_HTTP_HEADERS.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_TELNET.NBIN", "APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN", "APACHE_LOG4SHELL_DNS.NBIN", "APACHE_LOG4SHELL_IMAP.NBIN", "APACHE_LOG4SHELL_POP3.NBIN", "APACHE_LOG4SHELL_SMTP.NBIN", "APACHE_LOG4SHELL_SNMP.NBIN", "APACHE_LOG4SHELL_SSH.NBIN", "APACHE_LOG4SHELL_UPNP.NBIN", "APPLE_IOS_146_CHECK.NBIN", "APPLE_IOS_147_CHECK.NBIN", "CENTOS8_RHSA-2021-4160.NASL", "CENTOS8_RHSA-2021-4162.NASL", "CENTOS8_RHSA-2021-4172.NASL", "CENTOS8_RHSA-2021-4198.NASL", "CENTOS8_RHSA-2021-4231.NASL", "CENTOS8_RHSA-2021-4241.NASL", "CENTOS8_RHSA-2021-4288.NASL", "CENTOS8_RHSA-2021-4326.NASL", "CENTOS8_RHSA-2021-4358.NASL", "CENTOS8_RHSA-2021-4368.NASL", "CENTOS8_RHSA-2021-4373.NASL", "CENTOS8_RHSA-2021-4374.NASL", "CENTOS8_RHSA-2021-4382.NASL", "CENTOS8_RHSA-2021-4385.NASL", "CENTOS8_RHSA-2021-4386.NASL", "CENTOS8_RHSA-2021-4387.NASL", "CENTOS8_RHSA-2021-4396.NASL", "CENTOS8_RHSA-2021-4399.NASL", "CENTOS8_RHSA-2021-4408.NASL", "CENTOS8_RHSA-2021-4409.NASL", "CENTOS8_RHSA-2021-4424.NASL", "CENTOS8_RHSA-2021-4426.NASL", "CENTOS8_RHSA-2021-4451.NASL", "CENTOS8_RHSA-2021-4455.NASL", "CENTOS8_RHSA-2021-4464.NASL", "CENTOS8_RHSA-2021-4489.NASL", "CENTOS8_RHSA-2021-4510.NASL", "CENTOS8_RHSA-2021-4511.NASL", "CENTOS8_RHSA-2021-4513.NASL", "CENTOS8_RHSA-2021-4517.NASL", "CENTOS8_RHSA-2021-4587.NASL", "CENTOS8_RHSA-2021-4590.NASL", "CENTOS8_RHSA-2021-4593.NASL", "CENTOS8_RHSA-2021-4595.NASL", "CENTOS8_RHSA-2021-5226.NASL", "CENTOS_RHSA-2021-2328.NASL", "CENTOS_RHSA-2021-3296.NASL", "CENTOS_RHSA-2021-4904.NASL", "DEBIAN_DLA-2619.NASL", "DEBIAN_DLA-2664.NASL", "DEBIAN_DLA-2666.NASL", "DEBIAN_DLA-2672.NASL", "DEBIAN_DLA-2677.NASL", "DEBIAN_DLA-2691.NASL", "DEBIAN_DLA-2708.NASL", "DEBIAN_DLA-2766.NASL", "DEBIAN_DLA-2842.NASL", "DEBIAN_DSA-4550.NASL", "DEBIAN_DSA-4869.NASL", "DEBIAN_DSA-4881.NASL", "DEBIAN_DSA-4885.NASL", "DEBIAN_DSA-4920.NASL", "DEBIAN_DSA-4930.NASL", "DEBIAN_DSA-4933.NASL", "DEBIAN_DSA-4963.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "EULEROS_SA-2019-2278.NASL", "EULEROS_SA-2019-2292.NASL", "EULEROS_SA-2019-2420.NASL", "EULEROS_SA-2019-2449.NASL", "EULEROS_SA-2019-2525.NASL", "EULEROS_SA-2019-2544.NASL", "EULEROS_SA-2019-2634.NASL", "EULEROS_SA-2020-1142.NASL", "EULEROS_SA-2020-1201.NASL", "EULEROS_SA-2020-1206.NASL", "EULEROS_SA-2021-1398.NASL", "EULEROS_SA-2021-1445.NASL", "EULEROS_SA-2021-1504.NASL", "EULEROS_SA-2021-1541.NASL", "EULEROS_SA-2021-1545.NASL", "EULEROS_SA-2021-1584.NASL", "EULEROS_SA-2021-1608.NASL", "EULEROS_SA-2021-1694.NASL", "EULEROS_SA-2021-1712.NASL", "EULEROS_SA-2021-1716.NASL", "EULEROS_SA-2021-1720.NASL", "EULEROS_SA-2021-1721.NASL", "EULEROS_SA-2021-1740.NASL", "EULEROS_SA-2021-1746.NASL", "EULEROS_SA-2021-1754.NASL", "EULEROS_SA-2021-1759.NASL", "EULEROS_SA-2021-1770.NASL", "EULEROS_SA-2021-1813.NASL", "EULEROS_SA-2021-1825.NASL", "EULEROS_SA-2021-1826.NASL", "EULEROS_SA-2021-1871.NASL", "EULEROS_SA-2021-1880.NASL", "EULEROS_SA-2021-1882.NASL", "EULEROS_SA-2021-1907.NASL", "EULEROS_SA-2021-1908.NASL", "EULEROS_SA-2021-1909.NASL", "EULEROS_SA-2021-1924.NASL", "EULEROS_SA-2021-1930.NASL", "EULEROS_SA-2021-1935.NASL", "EULEROS_SA-2021-1945.NASL", "EULEROS_SA-2021-1951.NASL", "EULEROS_SA-2021-1956.NASL", "EULEROS_SA-2021-1962.NASL", "EULEROS_SA-2021-1969.NASL", "EULEROS_SA-2021-2154.NASL", "EULEROS_SA-2021-2156.NASL", "EULEROS_SA-2021-2176.NASL", "EULEROS_SA-2021-2184.NASL", "EULEROS_SA-2021-2186.NASL", "EULEROS_SA-2021-2197.NASL", "EULEROS_SA-2021-2204.NASL", "EULEROS_SA-2021-2206.NASL", "EULEROS_SA-2021-2214.NASL", "EULEROS_SA-2021-2215.NASL", "EULEROS_SA-2021-2223.NASL", "EULEROS_SA-2021-2456.NASL", "EULEROS_SA-2021-2457.NASL", "EULEROS_SA-2021-2461.NASL", "EULEROS_SA-2021-2468.NASL", "EULEROS_SA-2021-2469.NASL", "EULEROS_SA-2021-2470.NASL", "EULEROS_SA-2021-2471.NASL", "EULEROS_SA-2021-2472.NASL", "EULEROS_SA-2021-2475.NASL", "EULEROS_SA-2021-2484.NASL", "EULEROS_SA-2021-2503.NASL", "EULEROS_SA-2021-2504.NASL", "EULEROS_SA-2021-2506.NASL", "EULEROS_SA-2021-2507.NASL", "EULEROS_SA-2021-2512.NASL", "EULEROS_SA-2021-2526.NASL", "EULEROS_SA-2021-2531.NASL", "EULEROS_SA-2021-2532.NASL", "EULEROS_SA-2021-2533.NASL", "EULEROS_SA-2021-2534.NASL", "EULEROS_SA-2021-2536.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2550.NASL", "EULEROS_SA-2021-2555.NASL", "EULEROS_SA-2021-2556.NASL", "EULEROS_SA-2021-2557.NASL", "EULEROS_SA-2021-2558.NASL", "EULEROS_SA-2021-2560.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2625.NASL", "EULEROS_SA-2021-2632.NASL", "EULEROS_SA-2021-2639.NASL", "EULEROS_SA-2021-2640.NASL", "EULEROS_SA-2021-2653.NASL", "EULEROS_SA-2021-2656.NASL", "EULEROS_SA-2021-2660.NASL", "EULEROS_SA-2021-2666.NASL", "EULEROS_SA-2021-2667.NASL", "EULEROS_SA-2021-2668.NASL", "EULEROS_SA-2021-2682.NASL", "EULEROS_SA-2021-2692.NASL", "EULEROS_SA-2021-2693.NASL", "EULEROS_SA-2021-2695.NASL", "EULEROS_SA-2021-2707.NASL", "EULEROS_SA-2021-2717.NASL", "EULEROS_SA-2021-2718.NASL", "EULEROS_SA-2021-2720.NASL", "EULEROS_SA-2021-2817.NASL", "EULEROS_SA-2021-2820.NASL", "EULEROS_SA-2021-2827.NASL", "EULEROS_SA-2021-2828.NASL", "EULEROS_SA-2021-2834.NASL", "EULEROS_SA-2021-2836.NASL", "EULEROS_SA-2021-2838.NASL", "EULEROS_SA-2021-2839.NASL", "EULEROS_SA-2021-2845.NASL", "FEDORA_2019-18036B898E.NASL", "FEDORA_2019-1A10C04281.NASL", "FEDORA_2019-554C3C691F.NASL", "FEDORA_2019-97DCB2762A.NASL", "FEDORA_2020-F4F5E49CB8.NASL", "FEDORA_2021-2AB6F060D9.NASL", "FEDORA_2021-662680E477.NASL", "FEDORA_2021-8D52A8A999.NASL", "FEDORA_2021-968F57EC98.NASL", "FEDORA_2021-A1F51FC418.NASL", "FEDORA_2021-A311BF10D4.NASL", "FEDORA_2021-CAB5C9BEFB.NASL", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_2F3CD69E7DEE11EBB92E0022489AD614.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_56BA4513A1BE11EB9072D4C9EF517024.NASL", "FREEBSD_PKG_58D6ED66C2E811EB9FB06451062F0F7A.NASL", "FREEBSD_PKG_96811D4A04EC11EC9B84D4C9EF517024.NASL", "FREEBSD_PKG_AA646C01EA0D11EB9B84D4C9EF517024.NASL", "FREEBSD_PKG_B0F49CB9673611EC9EEA589CFC007716.NASL", "FREEBSD_PKG_B1194286958E11EB9C34080027F515EA.NASL", "FREEBSD_PKG_F671C28295EF11EB9C34080027F515EA.NASL", "GENTOO_GLSA-202003-08.NASL", "GENTOO_GLSA-202003-16.NASL", "GENTOO_GLSA-202003-24.NASL", "GENTOO_GLSA-202103-03.NASL", "GENTOO_GLSA-202104-04.NASL", "GENTOO_GLSA-202104-06.NASL", "GOOGLE_CHROME_79_0_3945_79.NASL", "IBM_MQ_6382922.NASL", "LCE_6_0_9.NASL", "LOG4J_LOG4SHELL_FTP.NBIN", "LOG4J_LOG4SHELL_NTP.NBIN", "LOG4J_LOG4SHELL_SIP_INVITE.NBIN", "LOG4J_LOG4SHELL_WWW.NBIN", "MACOSX_GOOGLE_CHROME_79_0_3945_79.NASL", "MACOS_HT212529.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_24.NASL", "NODEJS_2021_FEB.NASL", "OPENSUSE-2019-1456.NASL", "OPENSUSE-2019-1666.NASL", "OPENSUSE-2019-2550.NASL", "OPENSUSE-2019-2551.NASL", "OPENSUSE-2019-2692.NASL", "OPENSUSE-2021-1088.NASL", "OPENSUSE-2021-1188.NASL", "OPENSUSE-2021-1189.NASL", "OPENSUSE-2021-1366.NASL", "OPENSUSE-2021-1371.NASL", "OPENSUSE-2021-1374.NASL", "OPENSUSE-2021-1441.NASL", "OPENSUSE-2021-1577.NASL", "OPENSUSE-2021-1586.NASL", "OPENSUSE-2021-1613.NASL", "OPENSUSE-2021-1762.NASL", "OPENSUSE-2021-1860.NASL", "OPENSUSE-2021-1897.NASL", "OPENSUSE-2021-1958.NASL", "OPENSUSE-2021-2143.NASL", "OPENSUSE-2021-2157.NASL", "OPENSUSE-2021-2196.NASL", "OPENSUSE-2021-2439.NASL", "OPENSUSE-2021-2827.NASL", "OPENSUSE-2021-2830.NASL", "OPENSUSE-2021-372.NASL", "OPENSUSE-2021-3999.NASL", "OPENSUSE-2021-4001.NASL", "OPENSUSE-2021-4002.NASL", "OPENSUSE-2021-4094.NASL", "OPENSUSE-2021-4104.NASL", "OPENSUSE-2021-4107.NASL", "OPENSUSE-2021-4109.NASL", "OPENSUSE-2021-427.NASL", "OPENSUSE-2021-430.NASL", "OPENSUSE-2021-470.NASL", "OPENSUSE-2021-510.NASL", "OPENSUSE-2021-807.NASL", "OPENSUSE-2021-808.NASL", "OPENSUSE-2021-857.NASL", "ORACLELINUX_ELSA-2021-2328.NASL", "ORACLELINUX_ELSA-2021-3296.NASL", "ORACLELINUX_ELSA-2021-4033.NASL", "ORACLELINUX_ELSA-2021-4160.NASL", "ORACLELINUX_ELSA-2021-4162.NASL", "ORACLELINUX_ELSA-2021-5226.NASL", "ORACLELINUX_ELSA-2021-9478.NASL", "ORACLELINUX_ELSA-2021-9560.NASL", "ORACLELINUX_ELSA-2021-9561.NASL", "ORACLELINUX_ELSA-2021-9632.NASL", "ORACLEVM_OVMSA-2021-0040.NASL", "ORACLE_NOSQL_CPU_APR_2021.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2021.NASL", "PHOTONOS_PHSA-2020-1_0-0281_NCURSES.NASL", "PHOTONOS_PHSA-2021-1_0-0376_GLIB.NASL", "PHOTONOS_PHSA-2021-1_0-0377_CURL.NASL", "PHOTONOS_PHSA-2021-1_0-0391_GNUTLS.NASL", "PHOTONOS_PHSA-2021-1_0-0393_CURL.NASL", "PHOTONOS_PHSA-2021-1_0-0396_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-1_0-0401_GLIBC.NASL", "PHOTONOS_PHSA-2021-1_0-0404_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-1_0-0414_RPM.NASL", "PHOTONOS_PHSA-2021-1_0-0417_CURL.NASL", "PHOTONOS_PHSA-2021-1_0-0426_NETTLE.NASL", "PHOTONOS_PHSA-2021-1_0-0429_OPENSSL.NASL", "PHOTONOS_PHSA-2021-2_0-0332_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-2_0-0333_GLIB.NASL", "PHOTONOS_PHSA-2021-2_0-0334_CURL.NASL", "PHOTONOS_PHSA-2021-2_0-0349_CURL.NASL", "PHOTONOS_PHSA-2021-2_0-0349_GNUTLS.NASL", "PHOTONOS_PHSA-2021-2_0-0351_LIBWEBP.NASL", "PHOTONOS_PHSA-2021-2_0-0354_GLIBC.NASL", "PHOTONOS_PHSA-2021-2_0-0355_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-2_0-0358_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-2_0-0358_ZOOKEEPER.NASL", "PHOTONOS_PHSA-2021-2_0-0372_CURL.NASL", "PHOTONOS_PHSA-2021-2_0-0380_NETTLE.NASL", "PHOTONOS_PHSA-2021-2_0-0383_NXTGN.NASL", "PHOTONOS_PHSA-2021-2_0-0383_OPENSSL.NASL", "PHOTONOS_PHSA-2021-2_0-0394_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-3_0-0210_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-3_0-0213_GLIB.NASL", "PHOTONOS_PHSA-2021-3_0-0215_CURL.NASL", "PHOTONOS_PHSA-2021-3_0-0241_GNUTLS.NASL", "PHOTONOS_PHSA-2021-3_0-0241_RPM.NASL", "PHOTONOS_PHSA-2021-3_0-0243_CURL.NASL", "PHOTONOS_PHSA-2021-3_0-0244_LIBWEBP.NASL", "PHOTONOS_PHSA-2021-3_0-0251_GLIBC.NASL", "PHOTONOS_PHSA-2021-3_0-0253_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-3_0-0254_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-3_0-0254_ZOOKEEPER.NASL", "PHOTONOS_PHSA-2021-3_0-0273_CURL.NASL", "PHOTONOS_PHSA-2021-3_0-0286_NETTLE.NASL", "PHOTONOS_PHSA-2021-3_0-0290_NXTGN.NASL", "PHOTONOS_PHSA-2021-3_0-0290_OPENSSL.NASL", "PHOTONOS_PHSA-2021-3_0-0303_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-3_0-0324_RUST.NASL", "PHOTONOS_PHSA-2021-4_0-0007_CURL.NASL", "PHOTONOS_PHSA-2021-4_0-0007_GLIB.NASL", "PHOTONOS_PHSA-2021-4_0-0007_LIBTIFF.NASL", "PHOTONOS_PHSA-2021-4_0-0007_OPENSSL.NASL", "PHOTONOS_PHSA-2021-4_0-0030_RPM.NASL", "PHOTONOS_PHSA-2021-4_0-0033_CURL.NASL", "PHOTONOS_PHSA-2021-4_0-0035_GNUTLS.NASL", "PHOTONOS_PHSA-2021-4_0-0043_LIBSOLV.NASL", "PHOTONOS_PHSA-2021-4_0-0048_LIBJPEG.NASL", "PHOTONOS_PHSA-2021-4_0-0069_CURL.NASL", "PHOTONOS_PHSA-2021-4_0-0083_NETTLE.NASL", "PHOTONOS_PHSA-2021-4_0-0122_RUST.NASL", "PYTHON_3_10_0A7.NASL", "PYTHON_PYDOC_ID.NBIN", "REDHAT-RHSA-2019-1243.NASL", "REDHAT-RHSA-2019-4238.NASL", "REDHAT-RHSA-2021-1511.NASL", "REDHAT-RHSA-2021-2328.NASL", "REDHAT-RHSA-2021-2472.NASL", "REDHAT-RHSA-2021-2692.NASL", "REDHAT-RHSA-2021-2693.NASL", "REDHAT-RHSA-2021-2694.NASL", "REDHAT-RHSA-2021-3254.NASL", "REDHAT-RHSA-2021-3296.NASL", "REDHAT-RHSA-2021-4033.NASL", "REDHAT-RHSA-2021-4034.NASL", "REDHAT-RHSA-2021-4035.NASL", "REDHAT-RHSA-2021-4036.NASL", "REDHAT-RHSA-2021-4037.NASL", "REDHAT-RHSA-2021-4038.NASL", "REDHAT-RHSA-2021-4039.NASL", "REDHAT-RHSA-2021-4160.NASL", "REDHAT-RHSA-2021-4162.NASL", "REDHAT-RHSA-2021-4172.NASL", "REDHAT-RHSA-2021-4198.NASL", "REDHAT-RHSA-2021-4231.NASL", "REDHAT-RHSA-2021-4241.NASL", "REDHAT-RHSA-2021-4288.NASL", "REDHAT-RHSA-2021-4326.NASL", "REDHAT-RHSA-2021-4358.NASL", "REDHAT-RHSA-2021-4368.NASL", "REDHAT-RHSA-2021-4373.NASL", "REDHAT-RHSA-2021-4374.NASL", "REDHAT-RHSA-2021-4382.NASL", "REDHAT-RHSA-2021-4385.NASL", "REDHAT-RHSA-2021-4386.NASL", "REDHAT-RHSA-2021-4387.NASL", "REDHAT-RHSA-2021-4396.NASL", "REDHAT-RHSA-2021-4399.NASL", "REDHAT-RHSA-2021-4408.NASL", "REDHAT-RHSA-2021-4409.NASL", "REDHAT-RHSA-2021-4424.NASL", "REDHAT-RHSA-2021-4426.NASL", "REDHAT-RHSA-2021-4451.NASL", "REDHAT-RHSA-2021-4455.NASL", "REDHAT-RHSA-2021-4464.NASL", "REDHAT-RHSA-2021-4489.NASL", "REDHAT-RHSA-2021-4510.NASL", "REDHAT-RHSA-2021-4511.NASL", "REDHAT-RHSA-2021-4513.NASL", "REDHAT-RHSA-2021-4517.NASL", "REDHAT-RHSA-2021-4585.NASL", "REDHAT-RHSA-2021-4586.NASL", "REDHAT-RHSA-2021-4587.NASL", "REDHAT-RHSA-2021-4588.NASL", "REDHAT-RHSA-2021-4589.NASL", "REDHAT-RHSA-2021-4590.NASL", "REDHAT-RHSA-2021-4591.NASL", "REDHAT-RHSA-2021-4592.NASL", "REDHAT-RHSA-2021-4593.NASL", "REDHAT-RHSA-2021-4594.NASL", "REDHAT-RHSA-2021-4595.NASL", "REDHAT-RHSA-2021-4596.NASL", "REDHAT-RHSA-2021-4598.NASL", "REDHAT-RHSA-2021-4599.NASL", "REDHAT-RHSA-2021-4600.NASL", "REDHAT-RHSA-2021-4601.NASL", "REDHAT-RHSA-2021-4602.NASL", "REDHAT-RHSA-2021-4614.NASL", "REDHAT-RHSA-2021-4932.NASL", "REDHAT-RHSA-2021-4933.NASL", "REDHAT-RHSA-2021-4969.NASL", "REDHAT-RHSA-2021-5006.NASL", "REDHAT-RHSA-2021-5035.NASL", "REDHAT-RHSA-2021-5226.NASL", "REDHAT_UPDATE_LEVEL.NASL", "SECURITYCENTER_5_19_0_TNS_2021_14.NASL", "SECURITYCENTER_OPENSSL_1_1_1J_TNS_2021_03.NASL", "SECURITYCENTER_OPENSSL_1_1_1L_TNS_2021_16.NASL", "SLACKWARE_SSA_2021-090-01.NASL", "SLACKWARE_SSA_2021-139-01.NASL", "SLACKWARE_SSA_2021-202-02.NASL", "SL_20210609_QT5_QTIMAGEFORMATS_ON_SL7_X.NASL", "SL_20211102_BINUTILS_ON_SL7_X.NASL", "SL_20211202_NSS_ON_SL7_X.NASL", "SOLARIS_JUL2021_SRU11_3_36_26_0.NASL", "SUSE_SU-2019-2997-1.NASL", "SUSE_SU-2019-3094-1.NASL", "SUSE_SU-2020-3882-1.NASL", "SUSE_SU-2021-0725-1.NASL", "SUSE_SU-2021-0752-1.NASL", "SUSE_SU-2021-0753-1.NASL", "SUSE_SU-2021-0754-1.NASL", "SUSE_SU-2021-0755-1.NASL", "SUSE_SU-2021-0769-1.NASL", "SUSE_SU-2021-0793-1.NASL", "SUSE_SU-2021-0934-1.NASL", "SUSE_SU-2021-0935-1.NASL", "SUSE_SU-2021-0939-1.NASL", "SUSE_SU-2021-1006-1.NASL", "SUSE_SU-2021-1396-1.NASL", "SUSE_SU-2021-14667-1.NASL", "SUSE_SU-2021-14670-1.NASL", "SUSE_SU-2021-14707-1.NASL", "SUSE_SU-2021-14735-1.NASL", "SUSE_SU-2021-14748-1.NASL", "SUSE_SU-2021-14751-1.NASL", "SUSE_SU-2021-14768-1.NASL", "SUSE_SU-2021-14791-1.NASL", "SUSE_SU-2021-14792-1.NASL", "SUSE_SU-2021-1490-1.NASL", "SUSE_SU-2021-1762-1.NASL", "SUSE_SU-2021-1763-1.NASL", "SUSE_SU-2021-1765-1.NASL", "SUSE_SU-2021-1766-1.NASL", "SUSE_SU-2021-1786-1.NASL", "SUSE_SU-2021-1809-1.NASL", "SUSE_SU-2021-1830-1.NASL", "SUSE_SU-2021-1860-1.NASL", "SUSE_SU-2021-1892-1.NASL", "SUSE_SU-2021-1897-1.NASL", "SUSE_SU-2021-1957-1.NASL", "SUSE_SU-2021-1958-1.NASL", "SUSE_SU-2021-2425-1.NASL", "SUSE_SU-2021-2439-1.NASL", "SUSE_SU-2021-2440-1.NASL", "SUSE_SU-2021-2462-1.NASL", "SUSE_SU-2021-2480-1.NASL", "SUSE_SU-2021-2825-1.NASL", "SUSE_SU-2021-2826-1.NASL", "SUSE_SU-2021-2827-1.NASL", "SUSE_SU-2021-2829-1.NASL", "SUSE_SU-2021-2830-1.NASL", "SUSE_SU-2021-2831-1.NASL", "SUSE_SU-2021-2833-1.NASL", "SUSE_SU-2021-2852-1.NASL", "SUSE_SU-2021-3144-1.NASL", "SUSE_SU-2021-3444-1.NASL", "SUSE_SU-2021-3652-1.NASL", "SUSE_SU-2021-4001-1.NASL", "SUSE_SU-2021-4002-1.NASL", "SUSE_SU-2021-4015-1.NASL", "SUSE_SU-2021-4015-2.NASL", "SUSE_SU-2021-4051-1.NASL", "SUSE_SU-2021-4104-1.NASL", "SUSE_SU-2021-4155-1.NASL", "TENABLE_NESSUS_AGENT_TNS_2021_04.NASL", "UBUNTU_USN-4172-1.NASL", "UBUNTU_USN-4205-1.NASL", "UBUNTU_USN-4298-1.NASL", "UBUNTU_USN-4738-1.NASL", "UBUNTU_USN-4755-1.NASL", "UBUNTU_USN-4764-1.NASL", "UBUNTU_USN-4898-1.NASL", "UBUNTU_USN-4966-1.NASL", "UBUNTU_USN-4966-2.NASL", "UBUNTU_USN-4971-1.NASL", "UBUNTU_USN-4971-2.NASL", "UBUNTU_USN-4990-1.NASL", "UBUNTU_USN-5021-1.NASL", "UBUNTU_USN-5029-1.NASL", "UBUNTU_USN-5051-1.NASL", "UBUNTU_USN-5051-2.NASL", "UBUNTU_USN-5051-3.NASL", "UBUNTU_USN-5080-2.NASL", "UBUNTU_USN-5088-1.NASL", "UBUNTU_USN-5093-1.NASL", "UBUNTU_USN-5189-1.NASL", "UBUNTU_USN-5192-1.NASL", "UBUNTU_USN-5192-2.NASL", "UBUNTU_USN-5197-1.NASL", "UBUNTU_USN-5310-1.NASL", "VMWARE_VCENTER_LOG4SHELL.NBIN", "WEB_APPLICATION_SCANNING_113075"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2021-23840"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704500", "OPENVAS:1361412562310815042", "OPENVAS:1361412562310815043", "OPENVAS:1361412562310815044", "OPENVAS:1361412562310815871", "OPENVAS:1361412562310815872", "OPENVAS:1361412562310815873", "OPENVAS:1361412562310844220", "OPENVAS:1361412562310844254", "OPENVAS:1361412562310844360", "OPENVAS:1361412562310852519", "OPENVAS:1361412562310852783", "OPENVAS:1361412562310876388", "OPENVAS:1361412562310876455", "OPENVAS:1361412562310876645", "OPENVAS:1361412562310876960", "OPENVAS:1361412562310876983", "OPENVAS:1361412562310877072", "OPENVAS:1361412562311220201142", "OPENVAS:1361412562311220201201", "OPENVAS:1361412562311220201206"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2328", "ELSA-2021-3296", "ELSA-2021-4033", "ELSA-2021-4160", "ELSA-2021-4162", "ELSA-2021-4903", "ELSA-2021-4904", "ELSA-2021-9632"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162737", "PACKETSTORM:165261", "PACKETSTORM:165270", "PACKETSTORM:165642"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44228"]}, {"type": "photon", "idList": ["PHSA-2019-2.0-0190", "PHSA-2019-3.0-0037", "PHSA-2020-1.0-0264", "PHSA-2020-1.0-0298", "PHSA-2020-1.0-0305", "PHSA-2020-2.0-0198", "PHSA-2020-2.0-0249", "PHSA-2020-2.0-0256", "PHSA-2020-3.0-0093", "PHSA-2020-3.0-0101", "PHSA-2020-3.0-0108", "PHSA-2021-0325", "PHSA-2021-0334", "PHSA-2021-1.0-0366", "PHSA-2021-1.0-0376", "PHSA-2021-1.0-0377", "PHSA-2021-1.0-0391", "PHSA-2021-1.0-0393", "PHSA-2021-1.0-0396", "PHSA-2021-1.0-0401", "PHSA-2021-1.0-0404", "PHSA-2021-1.0-0414", "PHSA-2021-1.0-0417", "PHSA-2021-1.0-0422", "PHSA-2021-1.0-0426", "PHSA-2021-1.0-0429", "PHSA-2021-1.0-0435", "PHSA-2021-2.0-0325", "PHSA-2021-2.0-0332", "PHSA-2021-2.0-0333", "PHSA-2021-2.0-0334", "PHSA-2021-2.0-0349", "PHSA-2021-2.0-0351", "PHSA-2021-2.0-0354", "PHSA-2021-2.0-0355", "PHSA-2021-2.0-0358", "PHSA-2021-2.0-0372", "PHSA-2021-2.0-0377", "PHSA-2021-2.0-0380", "PHSA-2021-2.0-0383", "PHSA-2021-2.0-0394", "PHSA-2021-3.0-0200", "PHSA-2021-3.0-0210", "PHSA-2021-3.0-0213", "PHSA-2021-3.0-0215", "PHSA-2021-3.0-0241", "PHSA-2021-3.0-0243", "PHSA-2021-3.0-0244", "PHSA-2021-3.0-0251", "PHSA-2021-3.0-0253", "PHSA-2021-3.0-0254", "PHSA-2021-3.0-0257", "PHSA-2021-3.0-0273", "PHSA-2021-3.0-0281", "PHSA-2021-3.0-0286", "PHSA-2021-3.0-0290", "PHSA-2021-3.0-0303", "PHSA-2021-3.0-0324", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0030", "PHSA-2021-4.0-0033", "PHSA-2021-4.0-0035", "PHSA-2021-4.0-0043", "PHSA-2021-4.0-0048", "PHSA-2021-4.0-0069", "PHSA-2021-4.0-0077", "PHSA-2021-4.0-0083", "PHSA-2021-4.0-0094", "PHSA-2021-4.0-0122"]}, {"type": "qt", "idList": ["QT:7EFAEDCED59EA2EE3AB98A0A484C5825"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A", "QUALYSBLOG:33FD0B08A1B2E414EAA2ADDFCDFE0EB1", "QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F", "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "QUALYSBLOG:68BBBF644900DA0A883AABB0E4E3F28B", "QUALYSBLOG:6C71B912ABF74BE51F014EC90669CF30", "QUALYSBLOG:F55CD820063DB6DC3B7A1C8CAE16FC6B"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:078D5EE222682A75AE1A1A3A3684E38D", "RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6", "RAPID7BLOG:2FFDE45F01FA44216BE91DD7AFA0D060", "RAPID7BLOG:4CDB288231FA4BF52C0067D9D4FEABBF", "RAPID7BLOG:6EADCD983283E3D546EF2907978E95F1", "RAPID7BLOG:9171BB636F16B6AC97B939C701ABE971", "RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46", "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "RAPID7BLOG:C6C1B8357ABD28AEB0F423A0A099098A", "RAPID7BLOG:CB62092B4C7E70876CF276BA04DD7597", "RAPID7BLOG:E43819A7DE1DD0F60E63E67A27B9301B", "RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E"]}, {"type": "redhat", "idList": ["RHSA-2021:2328", "RHSA-2021:2693", "RHSA-2021:4904", "RHSA-2021:4909", "RHSA-2022:0044", "RHSA-2022:0191", "RHSA-2022:0223", "RHSA-2022:0728"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-17541", "RH:CVE-2020-35521", "RH:CVE-2020-35522", "RH:CVE-2020-35523", "RH:CVE-2020-35524", "RH:CVE-2020-36242", "RH:CVE-2020-36331", "RH:CVE-2021-20231", "RH:CVE-2021-20232", "RH:CVE-2021-20266", "RH:CVE-2021-21409", "RH:CVE-2021-22876", "RH:CVE-2021-22898", "RH:CVE-2021-22925", "RH:CVE-2021-23840", "RH:CVE-2021-23841", "RH:CVE-2021-27645", "RH:CVE-2021-28153", "RH:CVE-2021-31535", "RH:CVE-2021-3200", "RH:CVE-2021-33560", "RH:CVE-2021-33574", "RH:CVE-2021-3426", "RH:CVE-2021-3445", "RH:CVE-2021-3481", "RH:CVE-2021-3572", "RH:CVE-2021-3580", "RH:CVE-2021-36084", "RH:CVE-2021-36085", "RH:CVE-2021-36086", "RH:CVE-2021-36087", "RH:CVE-2021-4104", "RH:CVE-2021-4125", "RH:CVE-2021-42574", "RH:CVE-2021-43527", "RH:CVE-2021-44228", "RH:CVE-2021-44832", "RH:CVE-2021-45046"]}, {"type": "rocky", "idList": ["RLSA-2021:4358", "RLSA-2021:4409", "RLSA-2021:4511", "RLSA-2021:4517", "RLSA-2021:4903", "RLSA-2021:5226"]}, {"type": "rustsec", "idList": ["RUSTSEC-2021-0057", "RUSTSEC-2021-0058", "RUSTSEC-2021-0098"]}, {"type": "schneier", "idList": ["SCHNEIER:7105A847CAE97418252DC3F58DD47B12"]}, {"type": "securelist", "idList": ["SECURELIST:7A375F44156FACA25A0B3990F2CD73C1"]}, {"type": "slackware", "idList": ["SSA-2021-090-01", "SSA-2021-139-01", "SSA-2021-202-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1456-1", "OPENSUSE-SU-2019:1488-1", "OPENSUSE-SU-2019:2550-1", "OPENSUSE-SU-2019:2551-1", "OPENSUSE-SU-2019:2692-1", "OPENSUSE-SU-2019:2694-1", "OPENSUSE-SU-2020:2240-1", "OPENSUSE-SU-2020:2298-1", "OPENSUSE-SU-2021:0357-1", "OPENSUSE-SU-2021:0372-1", "OPENSUSE-SU-2021:0427-1", "OPENSUSE-SU-2021:0430-1", "OPENSUSE-SU-2021:0470-1", "OPENSUSE-SU-2021:0510-1", "OPENSUSE-SU-2021:0807-1", "OPENSUSE-SU-2021:0808-1", "OPENSUSE-SU-2021:0857-1", "OPENSUSE-SU-2021:0892-1", "OPENSUSE-SU-2021:0906-1", "OPENSUSE-SU-2021:0919-1", "OPENSUSE-SU-2021:0962-1", "OPENSUSE-SU-2021:1058-1", "OPENSUSE-SU-2021:1088-1", "OPENSUSE-SU-2021:1188-1", "OPENSUSE-SU-2021:1189-1", "OPENSUSE-SU-2021:1366-1", "OPENSUSE-SU-2021:1371-1", "OPENSUSE-SU-2021:1374-1", "OPENSUSE-SU-2021:1441-1", "OPENSUSE-SU-2021:1577-1", "OPENSUSE-SU-2021:1586-1", "OPENSUSE-SU-2021:1613-1", "OPENSUSE-SU-2021:1762-1", "OPENSUSE-SU-2021:1860-1", "OPENSUSE-SU-2021:1897-1", "OPENSUSE-SU-2021:1958-1", "OPENSUSE-SU-2021:2143-1", "OPENSUSE-SU-2021:2157-1", "OPENSUSE-SU-2021:2196-1", "OPENSUSE-SU-2021:2320-1", "OPENSUSE-SU-2021:2439-1", "OPENSUSE-SU-2021:3999-1", "OPENSUSE-SU-2021:4001-1", "OPENSUSE-SU-2021:4002-1", "OPENSUSE-SU-2021:4094-1", "OPENSUSE-SU-2021:4104-1", "OPENSUSE-SU-2021:4107-1", "OPENSUSE-SU-2021:4109-1"]}, {"type": "symantec", "idList": ["SMNTC-17570", "SMNTC-19793"]}, {"type": "thn", "idList": ["THN:0468E8E1C5525F2A9F2ED37592AE0910", "THN:14CB4751E7438DE917A5DB217D67AA29", "THN:14D74115700FA05CAF20056AB520447D", "THN:1D10167F5D53B2791D676CF56488D5D9", "THN:1E1BEA193C556F91F471CD5B785B85B3", "THN:1E4DA950F02E02DFD1649B39A06A82C6", "THN:2656971C06C4E3D4B0A8C0AC02BBB775", "THN:317555CB8AA3A9E1AE70E218E44CC2EE", "THN:368B6517F020AB4BF1B2344EDC8234A4", "THN:3AB82AD3C4EB492FE308B1276534EBD7", "THN:4BC5D1A9ACDADBABF85BF51166D61386", "THN:5BAE3325983F971D1108722C454FF9AB", "THN:5D8CEBFFF41D128545CD83F6F45D68F4", "THN:602D65D576B090BAC4B0C96998F8F922", "THN:668DE2C9CFD709125451AF8F3FE12E6C", "THN:686DDFA07B415C41BA7AB9B8970557EF", "THN:7192158FCB73BD803AF179B755D61CD1", "THN:76D7572EDBE770410D6F0518DAD8B0AD", "THN:7958F9B1AA180122992C6A0FADB03536", "THN:7A9C39D8DACC3A4C7336ECA18FD3D889", "THN:7E3A24826E7BA91EE1C13CFA71AB1D07", "THN:83D31EE6B3E59778D812B3B7E67D7CD6", "THN:88184AFF85BF7EC0848D95E6BB0BEDB4", "THN:A12549603E494D035DF4BABEC04EBD5D", "THN:AFF2BD38CB9578D0F4CA96A145933627", "THN:B078A239291615ADE17044ED56E2347B", "THN:C4188C7A44467E425407D33067C14094", "THN:DC2D78987D283D806FF145511EF10596", "THN:E006E516DD134F047ED991AC23F057A4", "THN:F8D94BE25D6D25E0F52FB4433E619721", "THN:FADB0A82C9DCE0870E617D4A8E5A34A6"]}, {"type": "threatpost", "idList": ["THREATPOST:065F7608AC06475E765018E97F14998D", "THREATPOST:0B290DDF3FE14178760FDC2229CB1383", "THREATPOST:187B01687ED5D3975CD6E42E84DD9B13", "THREATPOST:34D98758A035C36FED68DDD940415845", "THREATPOST:38E8D69F26ADB15A989532924B2A98C4", "THREATPOST:3D7559852080DD2D74780AC6D5F191C7", "THREATPOST:46837E7270195429E1D891848E911254", "THREATPOST:49177F7B5015CE94637C97F64C2D4138", "THREATPOST:5B9D3D8DB4BFEDE846215C1877B275ED", "THREATPOST:5CCE0C2607242B16B2880B331167526C", "THREATPOST:703466E6007D5E2783255F53CBE5B433", "THREATPOST:76A5549135F9D578FFC2C8FACC135193", "THREATPOST:8A372065BFA1E6839DAF0386E9D8A1F5", "THREATPOST:8FFF44C70736D8E21796B9337E52F29D", "THREATPOST:AFD74E86954C5A08B3F246887333BDF3", "THREATPOST:B318814572E066732E6C32CC147D95E2", "THREATPOST:B5964CC2880F7E4AFF1E9C5DEEE5B287", "THREATPOST:C19CE965CE9C8D3208D35F56D8C5D2D6", "THREATPOST:D098942E4435832E619282E1B92C9E0F", "THREATPOST:D358CF7B956451F0C53F878AF811409F", "THREATPOST:EE0A71A925297032000651C344890BDD"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:C927C873A9E9A7AF6B74D64EFAFA6B02"]}, {"type": "ubuntu", "idList": ["USN-4172-1", "USN-4172-2", "USN-4205-1", "USN-4298-1", "USN-4764-1", "USN-4898-1", "USN-4903-1", "USN-4966-1", "USN-4966-2", "USN-4971-1", "USN-4971-2", "USN-4990-1", "USN-5021-1", "USN-5021-2", "USN-5029-1", "USN-5051-1", "USN-5051-2", "USN-5051-3", "USN-5088-1", "USN-5093-1", "USN-5168-1", "USN-5168-2", "USN-5168-3", "USN-5189-1", "USN-5192-1", "USN-5192-2", "USN-5197-1", "USN-5241-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-17541", "UB:CVE-2021-20266", "UB:CVE-2021-21409", "UB:CVE-2021-22876", "UB:CVE-2021-22898", "UB:CVE-2021-22925", "UB:CVE-2021-31535", "UB:CVE-2021-3200", "UB:CVE-2021-33560", "UB:CVE-2021-33574", "UB:CVE-2021-3426", "UB:CVE-2021-3445", "UB:CVE-2021-3481", "UB:CVE-2021-3572", "UB:CVE-2021-3580", "UB:CVE-2021-3712", "UB:CVE-2021-37137", "UB:CVE-2021-3800", "UB:CVE-2021-42574", "UB:CVE-2021-43527", "UB:CVE-2021-44228", "UB:CVE-2021-45046"]}, {"type": "vmware", "idList": ["VMSA-2021-0028.4", "VMSA-2021-0028.9"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:060FBB90648BCDE11554492408AE89C8", "WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB", "WALLARMLAB:90D3FFE69FF928689D36310EF8B1C4F3", "WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884"]}, {"type": "zdt", "idList": ["1337DAY-ID-37135", "1337DAY-ID-37136", "1337DAY-ID-37257"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2018-20673", "epss": 0.00091, "percentile": 0.37676, "modified": "2023-05-03"}, {"cve": "CVE-2018-25009", "epss": 0.00207, "percentile": 0.57174, "modified": "2023-05-03"}, {"cve": "CVE-2018-25010", "epss": 0.00207, "percentile": 0.57148, "modified": "2023-05-03"}, {"cve": "CVE-2018-25012", "epss": 0.00207, "percentile": 0.57148, "modified": "2023-05-03"}, {"cve": "CVE-2018-25013", "epss": 0.00207, "percentile": 0.57148, "modified": "2023-05-03"}, {"cve": "CVE-2018-25014", "epss": 0.00211, "percentile": 0.57484, "modified": "2023-05-03"}, {"cve": "CVE-2019-13750", "epss": 0.00364, "percentile": 0.68203, "modified": "2023-05-03"}, {"cve": "CVE-2019-13751", "epss": 0.00597, "percentile": 0.75196, "modified": "2023-05-03"}, {"cve": "CVE-2019-17594", "epss": 0.00055, "percentile": 0.20653, "modified": "2023-05-03"}, {"cve": "CVE-2019-17595", "epss": 0.00151, "percentile": 0.49897, "modified": "2023-05-03"}, {"cve": "CVE-2019-18218", "epss": 0.00086, "percentile": 0.34984, "modified": "2023-05-03"}, {"cve": "CVE-2019-19603", "epss": 0.00212, "percentile": 0.5759, "modified": "2023-05-03"}, {"cve": "CVE-2019-20838", "epss": 0.00744, "percentile": 0.78205, "modified": "2023-05-03"}, {"cve": "CVE-2019-5827", "epss": 0.00408, "percentile": 0.69973, "modified": "2023-05-03"}, {"cve": "CVE-2020-12762", "epss": 0.0008, "percentile": 0.32946, "modified": "2023-05-03"}, {"cve": "CVE-2020-13435", "epss": 0.00106, "percentile": 0.41701, "modified": "2023-05-03"}, {"cve": "CVE-2020-14145", "epss": 0.00147, "percentile": 0.49305, "modified": "2023-05-03"}, {"cve": "CVE-2020-14155", "epss": 0.00275, "percentile": 0.63304, "modified": "2023-05-03"}, {"cve": "CVE-2020-16135", "epss": 0.00668, "percentile": 0.76761, "modified": "2023-05-03"}, {"cve": "CVE-2020-17541", "epss": 0.00327, "percentile": 0.66427, "modified": "2023-05-03"}, {"cve": "CVE-2020-24370", "epss": 0.00109, "percentile": 0.42563, "modified": "2023-05-03"}, {"cve": "CVE-2020-35521", "epss": 0.00067, "percentile": 0.27345, "modified": "2023-05-03"}, {"cve": "CVE-2020-35522", "epss": 0.00125, "percentile": 0.45549, "modified": "2023-05-03"}, {"cve": "CVE-2020-35523", "epss": 0.00198, "percentile": 0.5615, "modified": "2023-05-02"}, {"cve": "CVE-2020-35524", "epss": 0.00209, "percentile": 0.57345, "modified": "2023-05-03"}, {"cve": "CVE-2020-36330", "epss": 0.00204, "percentile": 0.56883, "modified": "2023-05-03"}, {"cve": "CVE-2020-36331", "epss": 0.00203, "percentile": 0.56805, "modified": "2023-05-03"}, {"cve": "CVE-2020-36332", "epss": 0.00128, "percentile": 0.46107, "modified": "2023-05-03"}, {"cve": "CVE-2021-20231", "epss": 0.0044, "percentile": 0.71033, "modified": "2023-05-03"}, {"cve": "CVE-2021-20232", "epss": 0.00605, "percentile": 0.75408, "modified": "2023-05-03"}, {"cve": "CVE-2021-20266", "epss": 0.00109, "percentile": 0.42391, "modified": "2023-05-03"}, {"cve": "CVE-2021-21409", "epss": 0.77039, "percentile": 0.97686, "modified": "2023-05-03"}, {"cve": "CVE-2021-22876", "epss": 0.00333, "percentile": 0.66808, "modified": "2023-05-03"}, {"cve": "CVE-2021-22898", "epss": 0.00166, "percentile": 0.51785, "modified": "2023-05-03"}, {"cve": "CVE-2021-22925", "epss": 0.00165, "percentile": 0.51733, "modified": "2023-05-03"}, {"cve": "CVE-2021-23840", "epss": 0.00316, "percentile": 0.65896, "modified": "2023-05-03"}, {"cve": "CVE-2021-23841", "epss": 0.00299, "percentile": 0.64869, "modified": "2023-05-03"}, {"cve": "CVE-2021-27645", "epss": 0.00047, "percentile": 0.14405, "modified": "2023-05-03"}, {"cve": "CVE-2021-28153", "epss": 0.00242, "percentile": 0.60633, "modified": "2023-05-03"}, {"cve": "CVE-2021-31535", "epss": 0.02325, "percentile": 0.88118, "modified": "2023-05-03"}, {"cve": "CVE-2021-3200", "epss": 0.00059, "percentile": 0.22703, "modified": "2023-05-03"}, {"cve": "CVE-2021-33560", "epss": 0.00105, "percentile": 0.41486, "modified": "2023-05-03"}, {"cve": "CVE-2021-33574", "epss": 0.00219, "percentile": 0.58368, "modified": "2023-05-03"}, {"cve": "CVE-2021-3426", "epss": 0.00061, "percentile": 0.24048, "modified": "2023-05-03"}, {"cve": "CVE-2021-3445", "epss": 0.00203, "percentile": 0.56818, "modified": "2023-05-03"}, {"cve": "CVE-2021-3481", "epss": 0.00049, "percentile": 0.16272, "modified": "2023-05-03"}, {"cve": "CVE-2021-3572", "epss": 0.00057, "percentile": 0.21697, "modified": "2023-05-03"}, {"cve": "CVE-2021-3580", "epss": 0.00128, "percentile": 0.46107, "modified": "2023-05-03"}, {"cve": "CVE-2021-35942", "epss": 0.00509, "percentile": 0.73093, "modified": "2023-05-03"}, {"cve": "CVE-2021-36084", "epss": 0.00067, "percentile": 0.27361, "modified": "2023-05-03"}, {"cve": "CVE-2021-36085", "epss": 0.00052, "percentile": 0.18168, "modified": "2023-05-03"}, {"cve": "CVE-2021-36086", "epss": 0.00052, "percentile": 0.18168, "modified": "2023-05-03"}, {"cve": "CVE-2021-36087", "epss": 0.00055, "percentile": 0.20653, "modified": "2023-05-03"}, {"cve": "CVE-2021-3712", "epss": 0.00396, "percentile": 0.69507, "modified": "2023-05-03"}, {"cve": "CVE-2021-37136", "epss": 0.00176, "percentile": 0.53198, "modified": "2023-05-03"}, {"cve": "CVE-2021-37137", "epss": 0.00176, "percentile": 0.53198, "modified": "2023-05-03"}, {"cve": "CVE-2021-3778", "epss": 0.00092, "percentile": 0.38118, "modified": "2023-05-03"}, {"cve": "CVE-2021-3796", "epss": 0.00087, "percentile": 0.35923, "modified": "2023-05-03"}, {"cve": "CVE-2021-3800", "epss": 0.00053, "percentile": 0.18802, "modified": "2023-05-03"}, {"cve": "CVE-2021-42574", "epss": 0.00259, "percentile": 0.62153, "modified": "2023-05-03"}, {"cve": "CVE-2021-43527", "epss": 0.00282, "percentile": 0.6383, "modified": "2023-05-03"}, {"cve": "CVE-2021-44228", "epss": 0.97581, "percentile": 0.99999, "modified": "2023-05-03"}, {"cve": "CVE-2021-45046", "epss": 0.97503, "percentile": 0.99961, "modified": "2023-05-03"}], "vulnersScore": 9.0}, "_state": {"dependencies": 1692214586, "score": 1692214781, "epss": 0}, "_internal": {"score_hash": "cce926c45b3eb873ea9da99254ba4e0f"}, "affectedPackage": [], "vendorCvss": {"severity": "moderate"}}

{"redhat": [{"lastseen": "2023-08-16T15:27:36", "description": "Openshift Logging Security and Bug Fix Release (5.3.1)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T16:46:20", "type": "redhat", "title": "(RHSA-2021:5129) Moderate: Openshift Logging security and bug update (5.3.1)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20317", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43267", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:04:07", "id": "RHSA-2021:5129", "href": "https://access.redhat.com/errata/RHSA-2021:5129", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Openshift Logging Security and Bug Fix Release (5.2.4)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T16:45:56", "type": "redhat", "title": "(RHSA-2021:5127) Moderate: Openshift Logging security and bug update (5.2.4)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20317", "CVE-2021-21409", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43267", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:07:41", "id": "RHSA-2021:5127", "href": "https://access.redhat.com/errata/RHSA-2021:5127", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Openshift Logging Bug Fix Release (5.2.3)\n\nSecurity Fix(es):\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) \n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-17T03:27:52", "type": "redhat", "title": "(RHSA-2021:4032) Low: Openshift Logging 5.2.3 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23369", "CVE-2021-23383", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800"], "modified": "2021-11-17T03:28:01", "id": "RHSA-2021:4032", "href": "https://access.redhat.com/errata/RHSA-2021:4032", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Release of Red Hat OpenShift distributed Tracing provides these changes:\n\nSecurity Fix(es):\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nThe Red Hat OpenShift distributed tracing release notes provide information on\nthe features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-27T16:46:55", "type": "redhat", "title": "(RHSA-2022:0318) Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-29923", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-36221", "CVE-2021-3712", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574"], "modified": "2022-01-28T14:56:55", "id": "RHSA-2022:0318", "href": "https://access.redhat.com/errata/RHSA-2022:0318", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform.\nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API.\n\nSecurity Fix(es):\n\n* nodejs-ssh2: Command injection by calling vulnerable method with\nuntrusted input (CVE-2020-26301)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected.\n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. (BZ#2015939)\n\nRed Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-11-29T13:20:02", "type": "redhat", "title": "(RHSA-2021:4845) Moderate: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-26301", "CVE-2020-28493", "CVE-2020-8037", "CVE-2021-20095", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28957", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-42771"], "modified": "2021-11-29T13:20:46", "id": "RHSA-2021:4845", "href": "https://access.redhat.com/errata/RHSA-2021:4845", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: Command-line arguments may overwrite global data (CVE-2021-38297)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T17:07:25", "type": "redhat", "title": "(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-29923", "CVE-2021-3200", "CVE-2021-33196", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3445", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3800", "CVE-2021-38297", "CVE-2021-39293", "CVE-2021-42574"], "modified": "2022-02-03T17:08:36", "id": "RHSA-2022:0434", "href": "https://access.redhat.com/errata/RHSA-2022:0434", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* gitops: Path traversal and dereference of symlinks when passing Helm value files (CVE-2022-24348)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-17T21:43:14", "type": "redhat", "title": "(RHSA-2022:0580) Important: Red Hat OpenShift GitOps security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20271", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37750", "CVE-2021-3800", "CVE-2021-39241", "CVE-2021-40346", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44790", "CVE-2022-24348"], "modified": "2022-02-17T21:43:37", "id": "RHSA-2022:0580", "href": "https://access.redhat.com/errata/RHSA-2022:0580", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T09:17:24", "type": "redhat", "title": "(RHSA-2022:0842) Important: Release of containers for OSP 16.2 director operator tech preview", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3800", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4122", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-42574", "CVE-2021-44716", "CVE-2022-24407"], "modified": "2022-03-14T09:17:56", "id": "RHSA-2022:0842", "href": "https://access.redhat.com/errata/RHSA-2022:0842", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:\n\nOpenShift Dedicated support\n\nRHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform.\n\n1. Use OpenShift OAuth server as an identity provider\nIf you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. \n\n2. Enhancements for CI outputs\nRed Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds.\n\n3. Runtime Class policy criteria\nUsers can now use RHACS to define the container runtime configuration that may be used to run a pod\u2019s containers using the Runtime Class policy criteria.\n\nSecurity Fix(es):\n\n* civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304)\n\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n\n* nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes\nThe release of RHACS 3.67 includes the following bug fixes:\n\n1. Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed.\n\n2. Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed.\n\nSystem changes\nThe release of RHACS 3.67 includes the following system changes:\n\n1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images.\n2. The Port exposure method policy criteria now include route as an exposure method.\n3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation.\n4. The OpenShift Compliance Operator integration now supports using TailoredProfiles.\n5. The RHACS Jenkins plugin now provides additional security information.\n6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values.\n7. The default uid:gid pair for the Scanner image is now 65534:65534.\n8. RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes.\n9. If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies.\n10. In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode. \n11. You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check\n12. You can now use a regular expression for the deployment name while specifying policy exclusions", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-01T16:08:19", "type": "redhat", "title": "(RHSA-2021:4902) Moderate: ACS 3.67 security and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-27304", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23343", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-29923", "CVE-2021-3200", "CVE-2021-32690", "CVE-2021-33196", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3445", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3749", "CVE-2021-3800", "CVE-2021-3801", "CVE-2021-39293"], "modified": "2021-12-01T16:08:34", "id": "RHSA-2021:4902", "href": "https://access.redhat.com/errata/RHSA-2021:4902", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n* libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n* libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n* libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n* libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n* libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T08:47:24", "type": "redhat", "title": "(RHSA-2021:4231) Moderate: libwebp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-11-09T14:11:00", "id": "RHSA-2021:4231", "href": "https://access.redhat.com/errata/RHSA-2021:4231", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.\n\nClusters and applications are all visible and managed from a single console \u2014 with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-3795 semver-regex: inefficient regular expression complexity\n\n* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 \n\nRelated bugs: \n\n* RHACM 2.2.10 images (Bugzilla #2013652)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-08T21:27:56", "type": "redhat", "title": "(RHSA-2021:5038) Low: Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2019-10747", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-36385", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20271", "CVE-2021-20317", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23440", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3733", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3795", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43267", "CVE-2021-43527"], "modified": "2021-12-08T21:28:29", "id": "RHSA-2021:5038", "href": "https://access.redhat.com/errata/RHSA-2021:5038", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API.\n\nSecurity Fix(es):\n\n* nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757)\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-29T14:28:33", "type": "redhat", "title": "(RHSA-2021:4848) Moderate: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27218", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3445", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3620", "CVE-2021-36222", "CVE-2021-3733", "CVE-2021-3757", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-3948"], "modified": "2021-11-29T14:28:50", "id": "RHSA-2021:4848", "href": "https://access.redhat.com/errata/RHSA-2021:4848", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Gatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include security updates, and container upgrades.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/.\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-28T12:46:09", "type": "redhat", "title": "(RHSA-2022:1081) Moderate: Gatekeeper Operator v0.2 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23177", "CVE-2021-28153", "CVE-2021-31566", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3580", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3800", "CVE-2021-3999", "CVE-2021-42574", "CVE-2021-43565", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23806", "CVE-2022-24407"], "modified": "2022-03-28T12:46:25", "id": "RHSA-2022:1081", "href": "https://access.redhat.com/errata/RHSA-2022:1081", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.8.3 images:\n\nRHEL-8-CNV-4.8\n==============\nhostpath-provisioner-container-v4.8.3-4\nkubevirt-v2v-conversion-container-v4.8.3-3\nvirt-cdi-cloner-container-v4.8.3-4\nvirt-cdi-operator-container-v4.8.3-4\nvirt-cdi-uploadproxy-container-v4.8.3-4\nvirt-launcher-container-v4.8.3-9\nvm-import-operator-container-v4.8.3-7\nvirt-cdi-apiserver-container-v4.8.3-4\nkubevirt-vmware-container-v4.8.3-3\nvirt-api-container-v4.8.3-9\nvm-import-virtv2v-container-v4.8.3-7\nvirtio-win-container-v4.8.3-3\nnode-maintenance-operator-container-v4.8.3-2\nhostpath-provisioner-operator-container-v4.8.3-4\nvirt-cdi-controller-container-v4.8.3-4\nvirt-cdi-importer-container-v4.8.3-4\nbridge-marker-container-v4.8.3-3\novs-cni-marker-container-v4.8.3-3\nvirt-handler-container-v4.8.3-9\nvirt-controller-container-v4.8.3-9\ncnv-containernetworking-plugins-container-v4.8.3-3\nkubevirt-template-validator-container-v4.8.3-3\nhyperconverged-cluster-webhook-container-v4.8.3-5\novs-cni-plugin-container-v4.8.3-3\nhyperconverged-cluster-operator-container-v4.8.3-5\nkubevirt-ssp-operator-container-v4.8.3-4\nvirt-cdi-uploadserver-container-v4.8.3-4\nkubemacpool-container-v4.8.3-5\nvm-import-controller-container-v4.8.3-7\nvirt-operator-container-v4.8.3-9\nkubernetes-nmstate-handler-container-v4.8.3-8\ncnv-must-gather-container-v4.8.3-12\ncluster-network-addons-operator-container-v4.8.3-8\nhco-bundle-registry-container-v4.8.3-58\n\nSecurity Fix(es):\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-02T15:41:38", "type": "redhat", "title": "(RHSA-2021:4914) Moderate: OpenShift Virtualization 4.8.3 Images security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-25648", "CVE-2020-36385", "CVE-2021-0512", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20317", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-29923", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-34558", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-36222", "CVE-2021-3656", "CVE-2021-3733", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43267"], "modified": "2021-12-02T15:42:01", "id": "RHSA-2021:4914", "href": "https://access.redhat.com/errata/RHSA-2021:4914", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)\n\n* sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)\n\n* sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)\n\n* sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)\n\n* sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-09T09:16:47", "type": "redhat", "title": "(RHSA-2021:4396) Moderate: sqlite security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-19603", "CVE-2019-5827", "CVE-2020-13435"], "modified": "2021-11-09T14:13:41", "id": "RHSA-2021:4396", "href": "https://access.redhat.com/errata/RHSA-2021:4396", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.\n\nSecurity Fix(es):\n\n* libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)\n\n* libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)\n\n* libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521)\n\n* libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35522)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-09T08:50:38", "type": "redhat", "title": "(RHSA-2021:4241) Moderate: libtiff security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-11-09T14:09:59", "id": "RHSA-2021:4241", "href": "https://access.redhat.com/errata/RHSA-2021:4241", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-30T12:45:50", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.\n\nClusters and applications are all visible and managed from a single console \u2014 with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla #2030859)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T12:22:55", "type": "redhat", "title": "(RHSA-2022:0856) Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-15256", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-25709", "CVE-2020-25710", "CVE-2021-0920", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23434", "CVE-2021-25214", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3752", "CVE-2021-3800", "CVE-2021-3872", "CVE-2021-39241", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-40346", "CVE-2021-4122", "CVE-2021-4155", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-42574", "CVE-2022-0155", "CVE-2022-0185", "CVE-2022-0330", "CVE-2022-22942", "CVE-2022-24407"], "modified": "2022-03-14T12:23:27", "id": "RHSA-2022:0856", "href": "https://access.redhat.com/errata/RHSA-2022:0856", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Openshift Logging Bug Fix Release (5.0.10)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T21:31:08", "type": "redhat", "title": "(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3712", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:05:11", "id": "RHSA-2021:5137", "href": "https://access.redhat.com/errata/RHSA-2021:5137", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T12:20:41", "description": "The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies (for example, customizing policy boolean settings).\n\nSecurity Fix(es):\n\n* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084)\n\n* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36085)\n\n* libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086)\n\n* libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-11-09T09:39:50", "type": "redhat", "title": "(RHSA-2021:4513) Moderate: libsepol security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2021-11-09T14:11:42", "id": "RHSA-2021:4513", "href": "https://access.redhat.com/errata/RHSA-2021:4513", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-10T12:36:24", "description": "Openshift Logging Bug Fix Release (5.3.0)\n\nSecurity Fix(es):\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T12:52:28", "type": "redhat", "title": "(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33194", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574"], "modified": "2021-11-15T12:52:54", "id": "RHSA-2021:4627", "href": "https://access.redhat.com/errata/RHSA-2021:4627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:34:16", "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)\n\n* curl: TELNET stack contents disclosure (CVE-2021-22898)\n\n* curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-11-09T09:38:13", "type": "redhat", "title": "(RHSA-2021:4511) Moderate: curl security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925"], "modified": "2021-11-09T14:09:18", "id": "RHSA-2021:4511", "href": "https://access.redhat.com/errata/RHSA-2021:4511", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-27T14:34:16", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* glibc: Arbitrary read in wordexp() (CVE-2021-35942)\n\n* glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (CVE-2021-27645)\n\n* glibc: mq_notify does not handle separately allocated thread attributes (CVE-2021-33574)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T09:08:59", "type": "redhat", "title": "(RHSA-2021:4358) Moderate: glibc security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27645", "CVE-2021-33574", "CVE-2021-35942"], "modified": "2021-11-09T14:13:04", "id": "RHSA-2021:4358", "href": "https://access.redhat.com/errata/RHSA-2021:4358", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T06:27:36", "type": "redhat", "title": "(RHSA-2022:0202) Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2018-20845", "CVE-2018-20847", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2018-5727", "CVE-2018-5785", "CVE-2019-12973", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-13558", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-15389", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-18032", "CVE-2020-24370", "CVE-2020-24870", "CVE-2020-27814", "CVE-2020-27823", "CVE-2020-27824", "CVE-2020-27828", "CVE-2020-27842", "CVE-2020-27843", "CVE-2020-27845", "CVE-2020-27918", "CVE-2020-29623", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36241", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2021-1765", "CVE-2021-1788", "CVE-2021-1789", "CVE-2021-1799", "CVE-2021-1801", "CVE-2021-1844", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20266", "CVE-2021-20271", "CVE-2021-20321", "CVE-2021-21775", "CVE-2021-21779", "CVE-2021-21806", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-26926", "CVE-2021-26927", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28650", "CVE-2021-29338", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30682", "CVE-2021-30689", "CVE-2021-30720", "CVE-2021-30734", "CVE-2021-30744", "CVE-2021-30749", "CVE-2021-30758", "CVE-2021-30795", "CVE-2021-30797", "CVE-2021-30799", "CVE-2021-31535", "CVE-2021-3200", "CVE-2021-3272", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3572", "CVE-2021-3575", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3733", "CVE-2021-37750", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-3948", "CVE-2021-41617", "CVE-2021-42574", "CVE-2021-43527"], "modified": "2022-01-20T06:28:12", "id": "RHSA-2022:0202", "href": "https://access.redhat.com/errata/RHSA-2022:0202", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-27T14:34:16", "description": "The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.\n\nNettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.\n\nThe following packages have been upgraded to a later upstream version: gnutls (3.6.16). (BZ#1956783)\n\nSecurity Fix(es):\n\n* nettle: Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580)\n\n* gnutls: Use after free in client key_share extension (CVE-2021-20231)\n\n* gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c (CVE-2021-20232)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T09:23:20", "type": "redhat", "title": "(RHSA-2021:4451) Moderate: gnutls and nettle security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20231", "CVE-2021-20232", "CVE-2021-3580"], "modified": "2021-11-09T14:12:33", "id": "RHSA-2021:4451", "href": "https://access.redhat.com/errata/RHSA-2021:4451", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "PCRE is a Perl-compatible regular expression library. \n\nSecurity Fix(es):\n\n* pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1 (CVE-2019-20838)\n\n* pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-09T09:12:45", "type": "redhat", "title": "(RHSA-2021:4373) Low: pcre security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20838", "CVE-2020-14155"], "modified": "2021-11-09T14:11:40", "id": "RHSA-2021:4373", "href": "https://access.redhat.com/errata/RHSA-2021:4373", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:29:43", "description": "The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.\n\nSecurity Fix(es):\n\n* ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c (CVE-2019-17594)\n\n* ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c (CVE-2019-17595)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-11-09T09:21:17", "type": "redhat", "title": "(RHSA-2021:4426) Moderate: ncurses security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17594", "CVE-2019-17595"], "modified": "2021-11-09T14:11:19", "id": "RHSA-2021:4426", "href": "https://access.redhat.com/errata/RHSA-2021:4426", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-25T14:25:22", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4231 advisory.\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n - libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n - libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n - libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n - libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n - libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n - libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : libwebp (RHSA-2021:4231)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libwebp", "p-cpe:/a:redhat:enterprise_linux:libwebp-devel"], "id": "REDHAT-RHSA-2021-4231.NASL", "href": "https://www.tenable.com/plugins/nessus/155159", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4231. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155159);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4231\");\n\n script_name(english:\"RHEL 8 : libwebp (RHSA-2021:4231)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4231 advisory.\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n - libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n - libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n - libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n - libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n - libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n - libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-25009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-25010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-25012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-25013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-25014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956868\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956917\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956918\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956922\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956927\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libwebp and / or libwebp-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-25014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 125, 400, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwebp-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libwebp-1.0.0-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libwebp-1.0.0-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp / libwebp-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T20:31:54", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has libwebp packages installed that are affected by multiple vulnerabilities:\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). (CVE-2018-25009)\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().\n (CVE-2018-25010)\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). (CVE-2018-25012)\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().\n (CVE-2018-25013)\n\n - A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().\n (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-15T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : libwebp Multiple Vulnerabilities (NS-SA-2022-0091)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2022-11-15T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:libwebp", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0091_LIBWEBP.NASL", "href": "https://www.tenable.com/plugins/nessus/167502", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0091. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167502);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/15\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : libwebp Multiple Vulnerabilities (NS-SA-2022-0091)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has libwebp packages installed that are affected by multiple\nvulnerabilities:\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). (CVE-2018-25009)\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().\n (CVE-2018-25010)\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). (CVE-2018-25012)\n\n - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().\n (CVE-2018-25013)\n\n - A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().\n (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive\n amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0091\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2018-25009\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2018-25010\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2018-25012\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2018-25013\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2018-25014\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-36330\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-36331\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-36332\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libwebp packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-25014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar os_release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(os_release) || os_release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (os_release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'libwebp-1.0.0-5.el8'\n ]\n};\nvar pkg_list = pkgs[os_release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:47", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4231 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : libwebp (ELSA-2021-4231)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libwebp", "p-cpe:/a:oracle:linux:libwebp-devel"], "id": "ORACLELINUX_ELSA-2021-4231.NASL", "href": "https://www.tenable.com/plugins/nessus/155405", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4231.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155405);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n\n script_name(english:\"Oracle Linux 8 : libwebp (ELSA-2021-4231)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4231 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function\n ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive\n amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25010)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4231.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libwebp and / or libwebp-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-25014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwebp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'libwebp-1.0.0-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-1.0.0-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-1.0.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp / libwebp-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:20", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4231 advisory.\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n - libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n - libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n - libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n - libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n - libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n - libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : libwebp (CESA-2021:4231)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:libwebp", "p-cpe:/a:centos:centos:libwebp-devel"], "id": "CENTOS8_RHSA-2021-4231.NASL", "href": "https://www.tenable.com/plugins/nessus/155205", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4231. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155205);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4231\");\n\n script_name(english:\"CentOS 8 : libwebp (CESA-2021:4231)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4231 advisory.\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n - libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n - libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n - libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n - libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n - libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n - libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n - libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4231\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libwebp and / or libwebp-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-25014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwebp-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'libwebp-1.0.0-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-1.0.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp / libwebp-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:19", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4231 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : libwebp (ALSA-2021:4231)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libwebp", "p-cpe:/a:alma:linux:libwebp-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4231.NASL", "href": "https://www.tenable.com/plugins/nessus/157577", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4231.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157577);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4231\");\n\n script_name(english:\"AlmaLinux 8 : libwebp (ALSA-2021:4231)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4231 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function\n ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive\n amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4231.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libwebp and / or libwebp-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-25014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libwebp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'libwebp-1.0.0-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-1.0.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwebp-devel-1.0.0-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp / libwebp-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:22:08", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4396 advisory.\n\n - Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2019-5827)\n\n - Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. (CVE-2019-13750)\n\n - Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2019-13751)\n\n - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. (CVE-2019-19603)\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : sqlite (ALSA-2021:4396)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-19603", "CVE-2019-5827", "CVE-2020-13435"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:lemon", "p-cpe:/a:alma:linux:sqlite", "p-cpe:/a:alma:linux:sqlite-devel", "p-cpe:/a:alma:linux:sqlite-doc", "p-cpe:/a:alma:linux:sqlite-libs", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4396.NASL", "href": "https://www.tenable.com/plugins/nessus/157628", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4396.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157628);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2019-5827\",\n \"CVE-2019-13750\",\n \"CVE-2019-13751\",\n \"CVE-2019-19603\",\n \"CVE-2020-13435\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4396\");\n script_xref(name:\"IAVA\", value:\"2019-A-0140-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0444-S\");\n\n script_name(english:\"AlmaLinux 8 : sqlite (ALSA-2021:4396)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4396 advisory.\n\n - Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2019-5827)\n\n - Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to\n bypass defense-in-depth measures via a crafted HTML page. (CVE-2019-13750)\n\n - Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2019-13751)\n\n - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application\n crash. (CVE-2019-19603)\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4396.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5827\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:sqlite-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'lemon-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-02T15:09:29", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4396 advisory.\n\n - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. (CVE-2019-19603)\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)\n\n - Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2019-5827)\n\n - Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (CVE-2019-13751)\n\n - Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. (CVE-2019-13750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : sqlite (ELSA-2021-4396)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-19603", "CVE-2019-5827", "CVE-2020-13435"], "modified": "2021-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:lemon", "p-cpe:/a:oracle:linux:sqlite", "p-cpe:/a:oracle:linux:sqlite-devel", "p-cpe:/a:oracle:linux:sqlite-doc", "p-cpe:/a:oracle:linux:sqlite-libs"], "id": "ORACLELINUX_ELSA-2021-4396.NASL", "href": "https://www.tenable.com/plugins/nessus/155418", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4396.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155418);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\n \"CVE-2019-5827\",\n \"CVE-2019-13750\",\n \"CVE-2019-13751\",\n \"CVE-2019-19603\",\n \"CVE-2020-13435\"\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0140-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0444-S\");\n\n script_name(english:\"Oracle Linux 8 : sqlite (ELSA-2021-4396)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4396 advisory.\n\n - SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application\n crash. (CVE-2019-19603)\n\n - SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. (CVE-2020-13435)\n\n - Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2019-5827)\n\n - Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain\n potentially sensitive information from process memory via a crafted HTML page. (CVE-2019-13751)\n\n - Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to\n bypass defense-in-depth measures via a crafted HTML page. (CVE-2019-13750)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4396.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5827\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sqlite-libs\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'lemon-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lemon-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-03T14:57:54", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4396 advisory.\n\n - sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)\n\n - sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)\n\n - sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)\n\n - sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)\n\n - sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : sqlite (CESA-2021:4396)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-19603", "CVE-2019-5827", "CVE-2020-13435"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:lemon", "p-cpe:/a:centos:centos:sqlite", "p-cpe:/a:centos:centos:sqlite-devel", "p-cpe:/a:centos:centos:sqlite-doc", "p-cpe:/a:centos:centos:sqlite-libs"], "id": "CENTOS8_RHSA-2021-4396.NASL", "href": "https://www.tenable.com/plugins/nessus/155196", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4396. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155196);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2019-5827\",\n \"CVE-2019-13750\",\n \"CVE-2019-13751\",\n \"CVE-2019-19603\",\n \"CVE-2020-13435\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4396\");\n script_xref(name:\"IAVA\", value:\"2019-A-0140-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0444-S\");\n\n script_name(english:\"CentOS 8 : sqlite (CESA-2021:4396)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4396 advisory.\n\n - sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)\n\n - sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)\n\n - sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)\n\n - sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)\n\n - sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4396\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5827\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sqlite-libs\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'lemon-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'lemon-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:34:15", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4396 advisory.\n\n - sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)\n\n - sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)\n\n - sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)\n\n - sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)\n\n - sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : sqlite (RHSA-2021:4396)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-19603", "CVE-2019-5827", "CVE-2020-13435"], "modified": "2023-09-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:lemon", "p-cpe:/a:redhat:enterprise_linux:sqlite", "p-cpe:/a:redhat:enterprise_linux:sqlite-devel", "p-cpe:/a:redhat:enterprise_linux:sqlite-doc", "p-cpe:/a:redhat:enterprise_linux:sqlite-libs", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6"], "id": "REDHAT-RHSA-2021-4396.NASL", "href": "https://www.tenable.com/plugins/nessus/155211", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4396. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155211);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/13\");\n\n script_cve_id(\n \"CVE-2019-5827\",\n \"CVE-2019-13750\",\n \"CVE-2019-13751\",\n \"CVE-2019-19603\",\n \"CVE-2020-13435\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4396\");\n\n script_name(english:\"RHEL 8 : sqlite (RHSA-2021:4396)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4396 advisory.\n\n - sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)\n\n - sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)\n\n - sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)\n\n - sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)\n\n - sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-5827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1706805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1785318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1841231\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5827\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 125, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'lemon-3.26.0-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'lemon-3.26.0-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-3.26.0-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-devel-3.26.0-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-doc-3.26.0-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sqlite-libs-3.26.0-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-libs');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:14", "description": "This update for libwebp fixes the following issues :\n\nCVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).\n\nCVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).\n\nCVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).\n\nCVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).\n\nCVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).\n\nCVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).\n\nCVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).\n\nCVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).\n\nCVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : libwebp (SUSE-SU-2021:1830-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-06-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libwebp-debugsource", "p-cpe:/a:novell:suse_linux:libwebp5", "p-cpe:/a:novell:suse_linux:libwebp5-debuginfo", "p-cpe:/a:novell:suse_linux:libwebpdemux1", "p-cpe:/a:novell:suse_linux:libwebpdemux1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1830-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1830-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150190);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\"CVE-2018-25009\", \"CVE-2018-25010\", \"CVE-2018-25011\", \"CVE-2018-25012\", \"CVE-2018-25013\", \"CVE-2020-36329\", \"CVE-2020-36330\", \"CVE-2020-36331\", \"CVE-2020-36332\");\n\n script_name(english:\"SUSE SLES12 Security Update : libwebp (SUSE-SU-2021:1830-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libwebp fixes the following issues :\n\nCVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter()\n(bsc#1185685).\n\nCVE-2020-36330: Fixed heap-based buffer overflow in\nChunkVerifyAndAssign() (bsc#1185691).\n\nCVE-2020-36332: Fixed extreme memory allocation when reading a file\n(bsc#1185674).\n\nCVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).\n\nCVE-2018-25012: Fixed heap-based buffer overflow in GetLE24()\n(bsc#1185690).\n\nCVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes()\n(bsc#1185654).\n\nCVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData()\n(bsc#1185686).\n\nCVE-2018-25009: Fixed heap-based buffer overflow in GetLE16()\n(bsc#1185673).\n\nCVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1186247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-25009/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-25010/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-25011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-25012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-25013/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36329/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36330/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36331/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36332/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211830-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3e1df43\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1830=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1830=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-1830=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-1830=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-1830=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1830=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1830=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-1830=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1830=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-1830=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-1830=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-1830=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-1830=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebp5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebp5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebpdemux1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebpdemux1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebp-debugsource-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebp5-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebp5-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebp5-debuginfo-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebp5-debuginfo-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebpdemux1-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebpdemux1-debuginfo-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebp-debugsource-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebp5-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebp5-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebp5-debuginfo-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebp5-debuginfo-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebpdemux1-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebpdemux1-debuginfo-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebp-debugsource-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebp5-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebp5-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebp5-debuginfo-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebp5-debuginfo-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebpdemux1-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebpdemux1-debuginfo-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebp-debugsource-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebp5-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebp5-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebp5-debuginfo-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebp5-debuginfo-32bit-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebpdemux1-0.4.3-4.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwebpdemux1-debuginfo-0.4.3-4.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwebp\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T12:55:21", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has libtiff packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. (CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. (CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-15T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : libtiff Multiple Vulnerabilities (NS-SA-2022-0084)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2022-11-15T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:libtiff", "p-cpe:/a:zte:cgsl_main:libtiff-devel", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0084_LIBTIFF.NASL", "href": "https://www.tenable.com/plugins/nessus/167491", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0084. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167491);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/15\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : libtiff Multiple Vulnerabilities (NS-SA-2022-0084)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has libtiff packages installed that are affected by multiple\nvulnerabilities:\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can\n lead to an abort, resulting in denial of service. (CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service attack. (CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's\n TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0084\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-35521\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-35522\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-35523\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-35524\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libtiff packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35524\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar os_release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(os_release) || os_release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (os_release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'libtiff-4.0.9-20.el8',\n 'libtiff-devel-4.0.9-20.el8'\n ]\n};\nvar pkg_list = pkgs[os_release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:20:54", "description": "According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : libtiff (EulerOS-SA-2021-1880)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-05-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "p-cpe:/a:huawei:euleros:libtiff-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1880.NASL", "href": "https://www.tenable.com/plugins/nessus/149531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149531);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/20\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : libtiff (EulerOS-SA-2021-1880)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff\n in the handling of TIFF images in libtiff's TIFF2PDF\n tool. A specially crafted TIFF file can lead to\n arbitrary code execution. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation\n failure in tif_read.c, a crafted TIFF file can lead to\n an abort, resulting in denial of\n service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in\n tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service\n attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that\n exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a\n user opens a crafted TIFF file. The highest threat from\n this vulnerability is to confidentiality, integrity, as\n well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1880\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?acfa2ee3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.9-11.h11.eulerosv2r8\",\n \"libtiff-devel-4.0.9-11.h11.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:29:49", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4241 advisory.\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. (CVE-2020-35521)\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. (CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : libtiff (ELSA-2021-4241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libtiff", "p-cpe:/a:oracle:linux:libtiff-devel", "p-cpe:/a:oracle:linux:libtiff-tools"], "id": "ORACLELINUX_ELSA-2021-4241.NASL", "href": "https://www.tenable.com/plugins/nessus/155387", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4241.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155387);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"Oracle Linux 8 : libtiff (ELSA-2021-4241)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4241 advisory.\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can\n lead to an abort, resulting in denial of service. (CVE-2020-35521)\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's\n TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service attack. (CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4241.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff, libtiff-devel and / or libtiff-tools packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35524\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libtiff-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'libtiff-4.0.9-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-4.0.9-20.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-tools-4.0.9-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-tools-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff / libtiff-devel / libtiff-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:20:24", "description": "The remote host is affected by the vulnerability described in GLSA-202104-06 (libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in LibTIFF. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker, by enticing the user to process a specially crafted TIFF file, could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "GLSA-202104-06 : libTIFF: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-05-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tiff", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202104-06.NASL", "href": "https://www.tenable.com/plugins/nessus/149228", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202104-06.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149228);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/05\");\n\n script_cve_id(\"CVE-2020-35521\", \"CVE-2020-35522\", \"CVE-2020-35523\", \"CVE-2020-35524\");\n script_xref(name:\"GLSA\", value:\"202104-06\");\n\n script_name(english:\"GLSA-202104-06 : libTIFF: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202104-06\n(libTIFF: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in LibTIFF. Please review\n the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker, by enticing the user to process a specially crafted\n TIFF file, could possibly execute arbitrary code with the privileges of\n the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202104-06\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All LibTIFF users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/tiff-4.2.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/tiff\", unaffected:make_list(\"ge 4.2.0\"), vulnerable:make_list(\"lt 4.2.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libTIFF\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:19:45", "description": "According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2021-1716)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1716.NASL", "href": "https://www.tenable.com/plugins/nessus/148580", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148580);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2021-1716)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff\n in the handling of TIFF images in libtiff's TIFF2PDF\n tool. A specially crafted TIFF file can lead to\n arbitrary code execution. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation\n failure in tif_read.c, a crafted TIFF file can lead to\n an abort, resulting in denial of\n service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in\n tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service\n attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that\n exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a\n user opens a crafted TIFF file. The highest threat from\n this vulnerability is to confidentiality, integrity, as\n well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1716\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca5c0faa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.1.0-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:19:07", "description": "According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2021-1754)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1754.NASL", "href": "https://www.tenable.com/plugins/nessus/148584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148584);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2021-1754)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff\n in the handling of TIFF images in libtiff's TIFF2PDF\n tool. A specially crafted TIFF file can lead to\n arbitrary code execution. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation\n failure in tif_read.c, a crafted TIFF file can lead to\n an abort, resulting in denial of\n service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in\n tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service\n attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that\n exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a\n user opens a crafted TIFF file. The highest threat from\n this vulnerability is to confidentiality, integrity, as\n well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1754\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?061fde60\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.1.0-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-29T14:40:41", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4241 advisory.\n\n - libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521, CVE-2020-35522)\n\n - libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)\n\n - libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : libtiff (RHSA-2021:4241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libtiff", "p-cpe:/a:redhat:enterprise_linux:libtiff-devel", "p-cpe:/a:redhat:enterprise_linux:libtiff-tools"], "id": "REDHAT-RHSA-2021-4241.NASL", "href": "https://www.tenable.com/plugins/nessus/155112", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4241. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155112);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4241\");\n\n script_name(english:\"RHEL 8 : libtiff (RHSA-2021:4241)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4241 advisory.\n\n - libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521, CVE-2020-35522)\n\n - libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)\n\n - libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1932034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1932037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1932040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1932044\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff, libtiff-devel and / or libtiff-tools packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35524\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 190, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtiff-tools\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libtiff-4.0.9-20.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-tools-4.0.9-20.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libtiff-4.0.9-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-tools-4.0.9-20.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff / libtiff-devel / libtiff-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T14:15:35", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4241 advisory.\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. (CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. (CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : libtiff (ALSA-2021:4241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:libtiff", "p-cpe:/a:alma:linux:libtiff-devel", "p-cpe:/a:alma:linux:libtiff-tools", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4241.NASL", "href": "https://www.tenable.com/plugins/nessus/157630", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4241.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157630);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4241\");\n\n script_name(english:\"AlmaLinux 8 : libtiff (ALSA-2021:4241)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4241 advisory.\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can\n lead to an abort, resulting in denial of service. (CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service attack. (CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35523)\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's\n TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from\n this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35524)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4241.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff, libtiff-devel and / or libtiff-tools packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35524\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libtiff-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'libtiff-4.0.9-20.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-tools-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff / libtiff-devel / libtiff-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:05", "description": "An update of the libwebp package has been released.", "cvss3": {}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Libwebp PHSA-2021-2.0-0351", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-06-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libwebp", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0351_LIBWEBP.NASL", "href": "https://www.tenable.com/plugins/nessus/150424", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0351. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150424);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/09\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25011\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36328\",\n \"CVE-2020-36329\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n\n script_name(english:\"Photon OS 2.0: Libwebp PHSA-2021-2.0-0351\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libwebp package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-351.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36329\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'libwebp-1.0.3-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'libwebp-devel-1.0.3-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:22:21", "description": "According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2021-1930)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-06-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1930.NASL", "href": "https://www.tenable.com/plugins/nessus/150197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150197);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2021-1930)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff\n in the handling of TIFF images in libtiff's TIFF2PDF\n tool. A specially crafted TIFF file can lead to\n arbitrary code execution. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation\n failure in tif_read.c, a crafted TIFF file can lead to\n an abort, resulting in denial of\n service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in\n tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service\n attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that\n exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a\n user opens a crafted TIFF file. The highest threat from\n this vulnerability is to confidentiality, integrity, as\n well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1930\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f4ac8d8f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.1.0-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:21:54", "description": "According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2021-1951)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-06-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1951.NASL", "href": "https://www.tenable.com/plugins/nessus/150177", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150177);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : libtiff (EulerOS-SA-2021-1951)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff\n in the handling of TIFF images in libtiff's TIFF2PDF\n tool. A specially crafted TIFF file can lead to\n arbitrary code execution. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation\n failure in tif_read.c, a crafted TIFF file can lead to\n an abort, resulting in denial of\n service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in\n tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service\n attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that\n exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a\n user opens a crafted TIFF file. The highest threat from\n this vulnerability is to confidentiality, integrity, as\n well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1951\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33b86055\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.1.0-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:22:04", "description": "According to the versions of the libtiff packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : libtiff (EulerOS-SA-2021-2003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libtiff", "p-cpe:/a:huawei:euleros:libtiff-devel", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-2003.NASL", "href": "https://www.tenable.com/plugins/nessus/151185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151185);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/02\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : libtiff (EulerOS-SA-2021-2003)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libtiff packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A heap-based buffer overflow flaw was found in libtiff\n in the handling of TIFF images in libtiff's TIFF2PDF\n tool. A specially crafted TIFF file can lead to\n arbitrary code execution. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-35524)\n\n - A flaw was found in libtiff. Due to a memory allocation\n failure in tif_read.c, a crafted TIFF file can lead to\n an abort, resulting in denial of\n service.(CVE-2020-35521)\n\n - In LibTIFF, there is a memory malloc failure in\n tif_pixarlog.c. A crafted TIFF document can lead to an\n abort, resulting in a remote denial of service\n attack.(CVE-2020-35522)\n\n - An integer overflow flaw was found in libtiff that\n exists in the tif_getimage.c file. This flaw allows an\n attacker to inject and execute arbitrary code when a\n user opens a crafted TIFF file. The highest threat from\n this vulnerability is to confidentiality, integrity, as\n well as system availability.(CVE-2020-35523)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2003\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cfed5eea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libtiff-4.0.9-11.h11.eulerosv2r8\",\n \"libtiff-devel-4.0.9-11.h11.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libtiff\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-27T14:28:47", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4241 advisory.\n\n - libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521, CVE-2020-35522)\n\n - libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)\n\n - libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : libtiff (CESA-2021:4241)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:libtiff", "p-cpe:/a:centos:centos:libtiff-devel", "p-cpe:/a:centos:centos:libtiff-tools"], "id": "CENTOS8_RHSA-2021-4241.NASL", "href": "https://www.tenable.com/plugins/nessus/155063", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4241. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155063);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2020-35521\",\n \"CVE-2020-35522\",\n \"CVE-2020-35523\",\n \"CVE-2020-35524\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4241\");\n\n script_name(english:\"CentOS 8 : libtiff (CESA-2021:4241)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4241 advisory.\n\n - libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521, CVE-2020-35522)\n\n - libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)\n\n - libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4241\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libtiff, libtiff-devel and / or libtiff-tools packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35524\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtiff-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'libtiff-4.0.9-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-devel-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-tools-4.0.9-20.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtiff-tools-4.0.9-20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff / libtiff-devel / libtiff-tools');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:48:22", "description": "According to the versions of the libsepol package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : libsepol (EulerOS-SA-2022-1245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2022-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsepol", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1245.NASL", "href": "https://www.tenable.com/plugins/nessus/158411", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158411);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/25\");\n\n script_cve_id(\n \"CVE-2021-36084\",\n \"CVE-2021-36085\",\n \"CVE-2021-36086\",\n \"CVE-2021-36087\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : libsepol (EulerOS-SA-2022-1245)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libsepol package installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from\n cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly\n from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements\n in an optional block. (CVE-2021-36087)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1245\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61b54aed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsepol packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsepol-3.1-1.h11.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsepol\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:43", "description": "According to the versions of the libsepol package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : libsepol (EulerOS-SA-2022-1309)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2022-03-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsepol", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1309.NASL", "href": "https://www.tenable.com/plugins/nessus/158535", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158535);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/02\");\n\n script_cve_id(\n \"CVE-2021-36084\",\n \"CVE-2021-36085\",\n \"CVE-2021-36086\",\n \"CVE-2021-36087\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : libsepol (EulerOS-SA-2022-1309)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libsepol package installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from\n cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly\n from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements\n in an optional block. (CVE-2021-36087)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1309\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?41584c56\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsepol packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsepol-2.9-1.h10.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsepol\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:25:41", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4513 advisory.\n\n - libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084, CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : libsepol (RHSA-2021:4513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:libsepol", "p-cpe:/a:redhat:enterprise_linux:libsepol-devel", "p-cpe:/a:redhat:enterprise_linux:libsepol-static"], "id": "REDHAT-RHSA-2021-4513.NASL", "href": "https://www.tenable.com/plugins/nessus/155202", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4513. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155202);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2021-36084\",\n \"CVE-2021-36085\",\n \"CVE-2021-36086\",\n \"CVE-2021-36087\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4513\");\n\n script_name(english:\"RHEL 8 : libsepol (RHSA-2021:4513)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4513 advisory.\n\n - libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084, CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from\n cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36085\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1979662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1979664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1979668\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsepol, libsepol-devel and / or libsepol-static packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsepol-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsepol-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libsepol-2.9-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-2.9-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-2.9-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'libsepol-2.9-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-2.9-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-2.9-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsepol / libsepol-devel / libsepol-static');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:18", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4513 advisory.\n\n - libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084, CVE-2021-36085)\n\n - libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086)\n\n - libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : libsepol (CESA-2021:4513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:libsepol", "p-cpe:/a:centos:centos:libsepol-devel", "p-cpe:/a:centos:centos:libsepol-static"], "id": "CENTOS8_RHSA-2021-4513.NASL", "href": "https://www.tenable.com/plugins/nessus/155077", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4513. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155077);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\n \"CVE-2021-36084\",\n \"CVE-2021-36085\",\n \"CVE-2021-36086\",\n \"CVE-2021-36087\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4513\");\n\n script_name(english:\"CentOS 8 : libsepol (CESA-2021:4513)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4513 advisory.\n\n - libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084, CVE-2021-36085)\n\n - libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086)\n\n - libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4513\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsepol, libsepol-devel and / or libsepol-static packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsepol-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsepol-static\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'libsepol-2.9-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-2.9-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-2.9-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-2.9-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-2.9-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-2.9-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsepol / libsepol-devel / libsepol-static');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:56:05", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4971-1 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25011)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)\n\n - A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36329)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-01T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : libwebp vulnerabilities (USN-4971-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "cpe:/o:canonical:ubuntu_linux:21.04", "p-cpe:/a:canonical:ubuntu_linux:libwebp-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebp6", "p-cpe:/a:canonical:ubuntu_linux:libwebpdemux2", "p-cpe:/a:canonical:ubuntu_linux:libwebpmux3", "p-cpe:/a:canonical:ubuntu_linux:webp"], "id": "UBUNTU_USN-4971-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150131", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4971-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150131);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25011\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36328\",\n \"CVE-2020-36329\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n script_xref(name:\"USN\", value:\"4971-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : libwebp vulnerabilities (USN-4971-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4971-1 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system\n availability. (CVE-2018-25011)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function\n ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function\n WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)\n\n - A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being\n killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2020-36329)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive\n amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4971-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36329\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebp6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebpdemux2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebpmux3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|20\\.10|21\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 20.10 / 21.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'libwebp-dev', 'pkgver': '0.6.1-2ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebp6', 'pkgver': '0.6.1-2ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebpdemux2', 'pkgver': '0.6.1-2ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libwebpmux3', 'pkgver': '0.6.1-2ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'webp', 'pkgver': '0.6.1-2ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebp-dev', 'pkgver': '0.6.1-2ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebp6', 'pkgver': '0.6.1-2ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebpdemux2', 'pkgver': '0.6.1-2ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwebpmux3', 'pkgver': '0.6.1-2ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'webp', 'pkgver': '0.6.1-2ubuntu0.20.04.1'},\n {'osver': '20.10', 'pkgname': 'libwebp-dev', 'pkgver': '0.6.1-2ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libwebp6', 'pkgver': '0.6.1-2ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libwebpdemux2', 'pkgver': '0.6.1-2ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'libwebpmux3', 'pkgver': '0.6.1-2ubuntu0.20.10.1'},\n {'osver': '20.10', 'pkgname': 'webp', 'pkgver': '0.6.1-2ubuntu0.20.10.1'},\n {'osver': '21.04', 'pkgname': 'libwebp-dev', 'pkgver': '0.6.1-2ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libwebp6', 'pkgver': '0.6.1-2ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libwebpdemux2', 'pkgver': '0.6.1-2ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libwebpmux3', 'pkgver': '0.6.1-2ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'webp', 'pkgver': '0.6.1-2ubuntu0.21.04.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp-dev / libwebp6 / libwebpdemux2 / libwebpmux3 / webp');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:23", "description": "An update of the libwebp package has been released.", "cvss3": {}, "published": "2021-05-30T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Libwebp PHSA-2021-3.0-0244", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-05-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:libwebp", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0244_LIBWEBP.NASL", "href": "https://www.tenable.com/plugins/nessus/150068", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0244. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150068);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/30\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25011\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36328\",\n \"CVE-2020-36329\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n\n script_name(english:\"Photon OS 3.0: Libwebp PHSA-2021-3.0-0244\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the libwebp package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-244.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36329\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'libwebp-1.0.3-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'libwebp-devel-1.0.3-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:46", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4513 advisory.\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : libsepol (ELSA-2021-4513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2021-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:libsepol", "p-cpe:/a:oracle:linux:libsepol-devel", "p-cpe:/a:oracle:linux:libsepol-static"], "id": "ORACLELINUX_ELSA-2021-4513.NASL", "href": "https://www.tenable.com/plugins/nessus/155432", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4513.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155432);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\n \"CVE-2021-36084\",\n \"CVE-2021-36085\",\n \"CVE-2021-36086\",\n \"CVE-2021-36087\"\n );\n\n script_name(english:\"Oracle Linux 8 : libsepol (ELSA-2021-4513)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4513 advisory.\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from\n cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly\n from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements\n in an optional block. (CVE-2021-36087)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4513.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsepol, libsepol-devel and / or libsepol-static packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsepol-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsepol-static\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'libsepol-2.9-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-2.9-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-2.9-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-2.9-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-2.9-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-2.9-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-2.9-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-2.9-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-2.9-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsepol / libsepol-devel / libsepol-static');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:16", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-170 advisory.\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-04T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-170)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2022-11-04T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libsepol", "p-cpe:/a:amazon:linux:libsepol-debuginfo", "p-cpe:/a:amazon:linux:libsepol-debugsource", "p-cpe:/a:amazon:linux:libsepol-devel", "p-cpe:/a:amazon:linux:libsepol-static", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-170.NASL", "href": "https://www.tenable.com/plugins/nessus/166992", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-170.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166992);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/04\");\n\n script_cve_id(\n \"CVE-2021-36084\",\n \"CVE-2021-36085\",\n \"CVE-2021-36086\",\n \"CVE-2021-36087\"\n );\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-170)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-170 advisory.\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from\n cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly\n from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements\n in an optional block. (CVE-2021-36087)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-170.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-36084.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-36085.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-36086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-36087.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update libsepol --releasever=2022.0.20221102' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsepol-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsepol-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsepol-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsepol-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'libsepol-3.3-2.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-3.3-2.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-3.3-2.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-debuginfo-3.3-2.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-debuginfo-3.3-2.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-debuginfo-3.3-2.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-debugsource-3.3-2.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-debugsource-3.3-2.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-debugsource-3.3-2.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-3.3-2.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-3.3-2.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-devel-3.3-2.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-3.3-2.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-3.3-2.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsepol-static-3.3-2.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsepol / libsepol-debuginfo / libsepol-debugsource / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:22", "description": "Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed.", "cvss3": {}, "published": "2021-06-11T00:00:00", "type": "nessus", "title": "Debian DSA-4930-1 : libwebp - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-06-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libwebp", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4930.NASL", "href": "https://www.tenable.com/plugins/nessus/150705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4930. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150705);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/15\");\n\n script_cve_id(\"CVE-2018-25009\", \"CVE-2018-25010\", \"CVE-2018-25011\", \"CVE-2018-25013\", \"CVE-2018-25014\", \"CVE-2020-36328\", \"CVE-2020-36329\", \"CVE-2020-36330\", \"CVE-2020-36331\", \"CVE-2020-36332\");\n script_xref(name:\"DSA\", value:\"4930\");\n\n script_name(english:\"Debian DSA-4930-1 : libwebp - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities were discovered in libwebp, the\nimplementation of the WebP image format, which could result in denial\nof service, memory disclosure or potentially the execution of\narbitrary code if malformed images are processed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libwebp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/libwebp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4930\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the libwebp packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 0.6.1-2+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libwebp-dev\", reference:\"0.6.1-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebp6\", reference:\"0.6.1-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebpdemux2\", reference:\"0.6.1-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libwebpmux3\", reference:\"0.6.1-2+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"webp\", reference:\"0.6.1-2+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-11T14:34:17", "description": "The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5391-1 advisory.\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. (CVE-2021-36087)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-27T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : libsepol vulnerabilities (USN-5391-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libsepol1", "p-cpe:/a:canonical:ubuntu_linux:libsepol1-dev", "p-cpe:/a:canonical:ubuntu_linux:sepol-utils"], "id": "UBUNTU_USN-5391-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160233", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5391-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160233);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\n \"CVE-2021-36084\",\n \"CVE-2021-36085\",\n \"CVE-2021-36086\",\n \"CVE-2021-36087\"\n );\n script_xref(name:\"USN\", value:\"5391-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : libsepol vulnerabilities (USN-5391-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5391-1 advisory.\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __cil_verify_classpermission and __cil_pre_verify_helper). (CVE-2021-36084)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from\n __verify_map_perm_classperms and hashtab_map). (CVE-2021-36085)\n\n - The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from\n cil_reset_classperms_set and cil_reset_classperms_list). (CVE-2021-36086)\n\n - The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly\n from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements\n in an optional block. (CVE-2021-36087)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5391-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libsepol1, libsepol1-dev and / or sepol-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36087\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsepol1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsepol1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sepol-utils\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '21.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 21.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libsepol1', 'pkgver': '2.4-2ubuntu0.1~esm1'},\n {'osver': '16.04', 'pkgname': 'libsepol1-dev', 'pkgver': '2.4-2ubuntu0.1~esm1'},\n {'osver': '16.04', 'pkgname': 'sepol-utils', 'pkgver': '2.4-2ubuntu0.1~esm1'},\n {'osver': '18.04', 'pkgname': 'libsepol1', 'pkgver': '2.7-1ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'libsepol1-dev', 'pkgver': '2.7-1ubuntu0.1'},\n {'osver': '18.04', 'pkgname': 'sepol-utils', 'pkgver': '2.7-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsepol1', 'pkgver': '3.0-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsepol1-dev', 'pkgver': '3.0-1ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'sepol-utils', 'pkgver': '3.0-1ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsepol1', 'pkgver': '3.1-1ubuntu2.1'},\n {'osver': '21.10', 'pkgname': 'libsepol1-dev', 'pkgver': '3.1-1ubuntu2.1'},\n {'osver': '21.10', 'pkgname': 'sepol-utils', 'pkgver': '3.1-1ubuntu2.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsepol1 / libsepol1-dev / sepol-utils');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:13", "description": "Multiple security issues have been discovered in libwebp\n\nCVE-2018-25009\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25010\n\nAn out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25011\n\nA heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2018-25012\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25013\n\nAn out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25014\n\nAn unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2020-36328\n\nA heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2020-36329\n\nA use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2020-36330\n\nAn out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2020-36331\n\nAn out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nFor Debian 9 stretch, these problems have been fixed in version 0.5.2-1+deb9u1.\n\nWe recommend that you upgrade your libwebp packages.\n\nFor the detailed security status of libwebp please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/libwebp\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "Debian DLA-2672-1 : libwebp security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331"], "modified": "2021-06-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libwebp-dev", "p-cpe:/a:debian:debian_linux:libwebp6", "p-cpe:/a:debian:debian_linux:libwebpdemux2", "p-cpe:/a:debian:debian_linux:libwebpmux2", "p-cpe:/a:debian:debian_linux:webp", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2672.NASL", "href": "https://www.tenable.com/plugins/nessus/150173", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2672-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150173);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/09\");\n\n script_cve_id(\"CVE-2018-25009\", \"CVE-2018-25010\", \"CVE-2018-25011\", \"CVE-2018-25012\", \"CVE-2018-25013\", \"CVE-2018-25014\", \"CVE-2020-36328\", \"CVE-2020-36329\", \"CVE-2020-36330\", \"CVE-2020-36331\");\n\n script_name(english:\"Debian DLA-2672-1 : libwebp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues have been discovered in libwebp\n\nCVE-2018-25009\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nCVE-2018-25010\n\nAn out-of-bounds read was found in function ApplyFilter. The highest\nthreat from this vulnerability is to data confidentiality and to the\nservice availability.\n\nCVE-2018-25011\n\nA heap-based buffer overflow was found in PutLE16(). The highest\nthreat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\nCVE-2018-25012\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nCVE-2018-25013\n\nAn out-of-bounds read was found in function ShiftBytes. The highest\nthreat from this vulnerability is to data confidentiality and to the\nservice availability.\n\nCVE-2018-25014\n\nAn unitialized variable is used in function ReadSymbol. The highest\nthreat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\nCVE-2020-36328\n\nA heap-based buffer overflow in function WebPDecodeRGBInto is possible\ndue to an invalid check for buffer size. The highest threat from this\nvulnerability is to data confidentiality and integrity as well as\nsystem availability.\n\nCVE-2020-36329\n\nA use-after-free was found due to a thread being killed too early. The\nhighest threat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\nCVE-2020-36330\n\nAn out-of-bounds read was found in function ChunkVerifyAndAssign. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nCVE-2020-36331\n\nAn out-of-bounds read was found in function ChunkAssignData. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.5.2-1+deb9u1.\n\nWe recommend that you upgrade your libwebp packages.\n\nFor the detailed security status of libwebp please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libwebp\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libwebp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libwebp\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36329\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebp6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebpdemux2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebpmux2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libwebp-dev\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwebp6\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwebpdemux2\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwebpmux2\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"webp\", reference:\"0.5.2-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:06", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4971-2 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25011)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)\n\n - A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36329)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36331)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : libwebp vulnerabilities (USN-4971-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libwebp-dev", "p-cpe:/a:canonical:ubuntu_linux:libwebp5", "p-cpe:/a:canonical:ubuntu_linux:libwebpdemux1", "p-cpe:/a:canonical:ubuntu_linux:libwebpmux1", "p-cpe:/a:canonical:ubuntu_linux:webp"], "id": "UBUNTU_USN-4971-2.NASL", "href": "https://www.tenable.com/plugins/nessus/150492", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4971-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150492);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25011\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2018-25014\",\n \"CVE-2020-36328\",\n \"CVE-2020-36329\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\"\n );\n script_xref(name:\"USN\", value:\"4971-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : libwebp vulnerabilities (USN-4971-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4971-2 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system\n availability. (CVE-2018-25011)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function\n ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2018-25014)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function\n WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)\n\n - A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being\n killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2020-36329)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2020-36331)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4971-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36329\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebp5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebpdemux1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebpmux1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:webp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libwebp-dev', 'pkgver': '0.4.4-1ubuntu0.1~esm1'},\n {'osver': '16.04', 'pkgname': 'libwebp5', 'pkgver': '0.4.4-1ubuntu0.1~esm1'},\n {'osver': '16.04', 'pkgname': 'libwebpdemux1', 'pkgver': '0.4.4-1ubuntu0.1~esm1'},\n {'osver': '16.04', 'pkgname': 'libwebpmux1', 'pkgver': '0.4.4-1ubuntu0.1~esm1'},\n {'osver': '16.04', 'pkgname': 'webp', 'pkgver': '0.4.4-1ubuntu0.1~esm1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libwebp-dev / libwebp5 / libwebpdemux1 / libwebpmux1 / webp');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:41", "description": "Multiple security issues have been discovered in libwebp\n\nCVE-2018-25009\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25010\n\nAn out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25011\n\nA heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2018-25012\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25013\n\nAn out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2018-25014\n\nAn unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2020-36328\n\nA heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2020-36329\n\nA use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n\nCVE-2020-36330\n\nAn out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nCVE-2020-36331\n\nAn out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.\n\nFor Debian 9 stretch, these problems have been fixed in version 0.5.2-1+deb9u1.\n\nWe recommend that you upgrade your libwebp packages.\n\nFor the detailed security status of libwebp please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/libwebp\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-07T00:00:00", "type": "nessus", "title": "Debian DLA-2677-1 : libwebp security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331"], "modified": "2021-06-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libwebp-dev", "p-cpe:/a:debian:debian_linux:libwebp6", "p-cpe:/a:debian:debian_linux:libwebpdemux2", "p-cpe:/a:debian:debian_linux:libwebpmux2", "p-cpe:/a:debian:debian_linux:webp", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2677.NASL", "href": "https://www.tenable.com/plugins/nessus/150301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2677-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150301);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/09\");\n\n script_cve_id(\"CVE-2018-25009\", \"CVE-2018-25010\", \"CVE-2018-25011\", \"CVE-2018-25012\", \"CVE-2018-25013\", \"CVE-2018-25014\", \"CVE-2020-36328\", \"CVE-2020-36329\", \"CVE-2020-36330\", \"CVE-2020-36331\");\n\n script_name(english:\"Debian DLA-2677-1 : libwebp security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues have been discovered in libwebp\n\nCVE-2018-25009\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nCVE-2018-25010\n\nAn out-of-bounds read was found in function ApplyFilter. The highest\nthreat from this vulnerability is to data confidentiality and to the\nservice availability.\n\nCVE-2018-25011\n\nA heap-based buffer overflow was found in PutLE16(). The highest\nthreat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\nCVE-2018-25012\n\nAn out-of-bounds read was found in function WebPMuxCreateInternal. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nCVE-2018-25013\n\nAn out-of-bounds read was found in function ShiftBytes. The highest\nthreat from this vulnerability is to data confidentiality and to the\nservice availability.\n\nCVE-2018-25014\n\nAn unitialized variable is used in function ReadSymbol. The highest\nthreat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\nCVE-2020-36328\n\nA heap-based buffer overflow in function WebPDecodeRGBInto is possible\ndue to an invalid check for buffer size. The highest threat from this\nvulnerability is to data confidentiality and integrity as well as\nsystem availability.\n\nCVE-2020-36329\n\nA use-after-free was found due to a thread being killed too early. The\nhighest threat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\nCVE-2020-36330\n\nAn out-of-bounds read was found in function ChunkVerifyAndAssign. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nCVE-2020-36331\n\nAn out-of-bounds read was found in function ChunkAssignData. The\nhighest threat from this vulnerability is to data confidentiality and\nto the service availability.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.5.2-1+deb9u1.\n\nWe recommend that you upgrade your libwebp packages.\n\nFor the detailed security status of libwebp please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libwebp\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libwebp\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libwebp\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebp6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebpdemux2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwebpmux2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:webp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libwebp-dev\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwebp6\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwebpdemux2\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwebpmux2\", reference:\"0.5.2-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"webp\", reference:\"0.5.2-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:35", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1860-1 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2018-25011)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)\n\n - A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36329)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : libwebp (openSUSE-SU-2021:1860-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25011", "CVE-2018-25012", "CVE-2018-25013", "CVE-2020-36328", "CVE-2020-36329", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332"], "modified": "2021-07-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libwebp6", "p-cpe:/a:novell:opensuse:libwebp6-32bit", "p-cpe:/a:novell:opensuse:libwebpdecoder2", "p-cpe:/a:novell:opensuse:libwebpdecoder2-32bit", "p-cpe:/a:novell:opensuse:libwebpextras0", "p-cpe:/a:novell:opensuse:libwebpextras0-32bit", "p-cpe:/a:novell:opensuse:libwebpmux2", "p-cpe:/a:novell:opensuse:libwebpmux2-32bit", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-1860.NASL", "href": "https://www.tenable.com/plugins/nessus/151699", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1860-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151699);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\n \"CVE-2018-25009\",\n \"CVE-2018-25010\",\n \"CVE-2018-25011\",\n \"CVE-2018-25012\",\n \"CVE-2018-25013\",\n \"CVE-2020-36328\",\n \"CVE-2020-36329\",\n \"CVE-2020-36330\",\n \"CVE-2020-36331\",\n \"CVE-2020-36332\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : libwebp (openSUSE-SU-2021:1860-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1860-1 advisory.\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2018-25009, CVE-2018-25012)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25010)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16().\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system\n availability. (CVE-2018-25011)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2018-25013)\n\n - A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function\n WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-36328)\n\n - A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being\n killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2020-36329)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the\n service availability. (CVE-2020-36330)\n\n - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function\n ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service\n availability. (CVE-2020-36331)\n\n - A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive\n amount of memory. The highest threat from this vulnerability is to the service availability.\n (CVE-2020-36332)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186247\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ZIJ3ZK5FGNGJN6E65XZKMQPSQ3RKNVG/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce547ea1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36332\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36329\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n scrip